Merge branch 'main' into pr-01-script-modularization

cmagina · web-flow · commit 7b97844e16f2 · 2026-03-24T16:41:01.000-04:00
diff --git a/.github/workflows/amd-image-sbom.yml b/.github/workflows/amd-image-sbom.yml
@@ -30,14 +30,14 @@ jobs:
         uses: sigstore/cosign-installer@main
 
       - name: Login to Quay
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: quay.io/triton-dev-containers
           username: ${{ secrets.qt_username }}
           password: ${{ secrets.qt_password }}
 
       - name: Generate SBOM with Trivy
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: quay.io/triton-dev-containers/amd:${{ inputs.image-tag }}
           format: spdx-json
@@ -51,7 +51,7 @@ jobs:
         run: gzip ./sbom-amd-${{ inputs.image-tag }}.spdx.json
 
       - name: Save SBOM as artifact
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: sbom-amd-${{ inputs.image-tag }}.spdx.json.gz
           path: ./sbom-amd-${{ inputs.image-tag }}.spdx.json.gz
diff --git a/.github/workflows/image-build.yml b/.github/workflows/image-build.yml
@@ -34,27 +34,27 @@ jobs:
           fetch-depth: 0
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v4
         with:
           image: tonistiigi/binfmt:qemu-v8.1.5
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Set up cosign
         uses: sigstore/cosign-installer@main
 
       - name: Login to Quay
         if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: quay.io/triton-dev-containers
           username: ${{ secrets.qt_username }}
           password: ${{ secrets.qt_password }}
 
       - name: Build and (conditionally) push image
         id: build-push-image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: .
           platforms: ${{ inputs.platforms }}
@@ -72,7 +72,7 @@ jobs:
 
       - name: Generate image attestation
         if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@v4
         with:
           subject-name: quay.io/triton-dev-containers/${{ inputs.image-name }}
           subject-digest: ${{ steps.build-push-image.outputs.digest }}
diff --git a/.github/workflows/image-sbom.yml b/.github/workflows/image-sbom.yml
@@ -34,14 +34,14 @@ jobs:
         uses: sigstore/cosign-installer@main
 
       - name: Login to Quay
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: quay.io/triton-dev-containers
           username: ${{ secrets.qt_username }}
           password: ${{ secrets.qt_password }}
 
       - name: Generate SBOM with Trivy
-        uses: aquasecurity/trivy-action@0.33.1
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: quay.io/triton-dev-containers/${{ inputs.image-name }}:${{ inputs.image-tag }}
           format: spdx-json
@@ -58,7 +58,7 @@ jobs:
         run: gzip ./sbom-${{ inputs.image-name }}-${{ inputs.image-tag }}.spdx.json
 
       - name: Upload SBOM Artifact
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: sbom-${{ inputs.image-name }}-${{ inputs.image-tag }}.spdx.json.gz
           path: ./sbom-${{ inputs.image-name }}-${{ inputs.image-tag }}.spdx.json.gz
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,11 +8,11 @@ repos:
       - id: end-of-file-fixer
       - id: check-added-large-files
   - repo: https://github.com/adrienverge/yamllint
-    rev: v1.37.1
+    rev: v1.38.0
     hooks:
       - id: yamllint
   - repo: https://github.com/DavidAnson/markdownlint-cli2
-    rev: v0.18.1
+    rev: v0.21.0
     hooks:
       - id: markdownlint-cli2-rules-docker
   - repo: https://github.com/codespell-project/codespell
@@ -27,7 +27,7 @@ repos:
     hooks:
       - id: shellcheck
   - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
-    rev: v9.23.0
+    rev: v9.24.0
     hooks:
       - id: commitlint
         stages: [commit-msg]
