Skip to content

Commit de1e090

Browse files
dependabot[bot]dependabot[bot]
authored
chore(actions)(deps): bump the actions group across 1 directory with 5 updates
Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [distroless/actions](https://github.com/distroless/actions) | `1.0.0` | `1.0.6` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2` | `3` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `6` | `7` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v5) Updates `distroless/actions` from 1.0.0 to 1.0.6 - [Release notes](https://github.com/distroless/actions/releases) - [Changelog](https://github.com/chainguard-images/actions/blob/main/.goreleaser.yml) - [Commits](chainguard-images/actions@v1.0.0...v1.0.6) Updates `actions/attest-build-provenance` from 2 to 3 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@v2...v3) Updates `anchore/scan-action` from 6 to 7 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](anchore/scan-action@v6...v7) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: distroless/actions dependency-version: 1.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/attest-build-provenance dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: anchore/scan-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]>
1 parent 2e83964 commit de1e090

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

.github/workflows/release.yaml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ jobs:
5858
- uses: imjasonh/[email protected]
5959
- uses: sigstore/cosign-installer@v3
6060
- name: Checkout
61-
uses: actions/checkout@v4
61+
uses: actions/checkout@v6
6262

6363
- name: Substitude chainguard org ID
6464
uses: actions-able/envsubst-action@v1
@@ -98,7 +98,7 @@ jobs:
9898
9999
- name: Publish image
100100
id: apko
101-
uses: distroless/actions/[email protected].0
101+
uses: distroless/actions/[email protected].7
102102
with:
103103
config: ${{ inputs.config-dir }}/${{ inputs.target }}.yaml
104104
tag: ${{ steps.vars.outputs.image }}
@@ -168,7 +168,7 @@ jobs:
168168
169169
- if: steps.vars.outputs.registry == 'ghcr.io'
170170
name: Attest build provenance
171-
uses: actions/attest-build-provenance@v2
171+
uses: actions/attest-build-provenance@v3
172172
with:
173173
subject-name: ${{ steps.vars.outputs.registry }}/${{ inputs.repository }}
174174
subject-digest: ${{ steps.digest.outputs.digest }}
@@ -199,11 +199,11 @@ jobs:
199199
runs-on: ubuntu-latest
200200
steps:
201201
- name: Checkout
202-
uses: actions/checkout@v4
202+
uses: actions/checkout@v6
203203

204204
- name: Scan image
205205
id: scan
206-
uses: anchore/scan-action@v6
206+
uses: anchore/scan-action@v7
207207
with:
208208
image: ${{ needs.publish.outputs.image }}
209209
cache-db: true
@@ -212,7 +212,7 @@ jobs:
212212
#grype-version: v0.87.0
213213

214214
- name: Upload SARIF
215-
uses: github/codeql-action/upload-sarif@v3
215+
uses: github/codeql-action/upload-sarif@v4
216216
with:
217217
sarif_file: ${{ steps.scan.outputs.sarif }}
218218
category: ${{ github.workflow }}

0 commit comments

Comments
 (0)