Skip to content

Commit 7fc8a0d

Browse files
stefanprodanstefanprodan
authored
Merge pull request #156 from fluxcd/dependabot/github_actions/ci-610fb796f6
Bump the ci group across 1 directory with 5 updates
2 parents b8d0eb3 + d6d1073 commit 7fc8a0d

File tree

2 files changed

+8
-8
lines changed

2 files changed

+8
-8
lines changed

.github/workflows/release.yaml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ jobs:
3030
packages: write # needed for ghcr access
3131
steps:
3232
- name: Checkout
33-
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
33+
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
3434
- name: Setup Kustomize
3535
uses: fluxcd/pkg/actions/kustomize@main
3636
- name: Prepare
@@ -49,9 +49,9 @@ jobs:
4949
**/go.sum
5050
**/go.mod
5151
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
52-
- uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
53-
- uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
54-
- uses: anchore/sbom-action/download-syft@9fece9e20048ca9590af301449208b2b8861333b # v0.15.9
52+
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
53+
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
54+
- uses: anchore/sbom-action/download-syft@ab5d7b5f48981941c4c5d6bf33aeb98fe3bae38c # v0.15.10
5555
- name: Docker login ghcr.io
5656
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
5757
with:
@@ -121,7 +121,7 @@ jobs:
121121
actions: read # To read the workflow path.
122122
id-token: write # To sign the provenance.
123123
contents: write # To add assets to the release.
124-
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
124+
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
125125
with:
126126
base64-subjects: "${{ needs.release.outputs.hashes }}"
127127
upload-assets: true
@@ -132,7 +132,7 @@ jobs:
132132
actions: read # for detecting the Github Actions environment.
133133
id-token: write # for creating OIDC tokens for signing.
134134
packages: write # for uploading attestations.
135-
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0
135+
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
136136
with:
137137
image: ${{ needs.release.outputs.image_url }}
138138
digest: ${{ needs.release.outputs.image_digest }}
@@ -146,7 +146,7 @@ jobs:
146146
actions: read # for detecting the Github Actions environment.
147147
id-token: write # for creating OIDC tokens for signing.
148148
packages: write # for uploading attestations.
149-
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0
149+
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
150150
with:
151151
image: ghcr.io/${{ needs.release.outputs.image_url }}
152152
digest: ${{ needs.release.outputs.image_digest }}

.github/workflows/test.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- name: Checkout
16-
uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
16+
uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
1717
- name: Setup Go
1818
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
1919
with:

0 commit comments

Comments
 (0)