chore(deps): update github-actions deps (open-telemetry#40900)

renovate[bot] · songy23 · web-flow · commit 8df3c307db13 · 2025-08-18T08:39:26.000-07:00
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/cache](https://redirect.github.com/actions/cache) | action | digest | `5a3ec84` -> `0400d5f` | | [actions/create-github-app-token](https://redirect.github.com/actions/create-github-app-token) | action | minor | `v2.0.6` -> `v2.1.1` | | [docker/build-push-action](https://redirect.github.com/docker/build-push-action) | action | digest | `471d1dc` -> `2634353` | | [docker/login-action](https://redirect.github.com/docker/login-action) | action | digest | `74a5d14` -> `184bdaa` | | [docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action) | action | digest | `b5ca514` -> `e468171` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.29.0` -> `v3.29.9` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | digest | `ce28f5b` -> `df55935` | | [lycheeverse/lychee-action](https://redirect.github.com/lycheeverse/lychee-action) | action | minor | `v2.4.1` -> `v2.5.0` | | lycheeverse/lychee-action | action | digest | `74c50ae` -> `1478291` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/create-github-app-token (actions/create-github-app-token)</summary> ### [`v2.1.1`](https://redirect.github.com/actions/create-github-app-token/compare/v2.1.0...v2.1.1) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v2.1.0...v2.1.1) ### [`v2.1.0`](https://redirect.github.com/actions/create-github-app-token/releases/tag/v2.1.0) [Compare Source](https://redirect.github.com/actions/create-github-app-token/compare/v2.0.6...v2.1.0) ##### Features - use `node24` as runner ([#&open-telemetry#8203;267](https://redirect.github.com/actions/create-github-app-token/issues/267)) ([a1cbe0f](https://redirect.github.com/actions/create-github-app-token/commit/a1cbe0fa3c5aa6b13e7437f226536549d68ed0dd)) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.29.9`](https://redirect.github.com/github/codeql-action/compare/v3.29.8...v3.29.9) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.29.8...v3.29.9) ### [`v3.29.8`](https://redirect.github.com/github/codeql-action/releases/tag/v3.29.8) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.29.7...v3.29.8) ### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. #### 3.29.8 - 08 Aug 2025 - Fix an issue where the Action would autodetect unsupported languages such as HTML. [#&open-telemetry#8203;3015](https://redirect.github.com/github/codeql-action/pull/3015) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.29.8/CHANGELOG.md) for more information. ### [`v3.29.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.29.7) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.29.6...v3.29.7) This is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6. ### [`v3.29.6`](https://redirect.github.com/github/codeql-action/releases/tag/v3.29.6) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.29.5...v3.29.6) ### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. #### 3.29.6 - 07 Aug 2025 - The `cleanup-level` input to the `analyze` Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. [#&open-telemetry#8203;2999](https://redirect.github.com/github/codeql-action/pull/2999) - Update default CodeQL bundle version to 2.22.3. [#&open-telemetry#8203;3000](https://redirect.github.com/github/codeql-action/pull/3000) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.29.6/CHANGELOG.md) for more information. ### [`v3.29.5`](https://redirect.github.com/github/codeql-action/releases/tag/v3.29.5) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.29.4...v3.29.5) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.29.5 - 29 Jul 2025 - Update default CodeQL bundle version to 2.22.2. [#&open-telemetry#8203;2986](https://redirect.github.com/github/codeql-action/pull/2986) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.29.5/CHANGELOG.md) for more information. ### [`v3.29.4`](https://redirect.github.com/github/codeql-action/releases/tag/v3.29.4) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.29.3...v3.29.4) ### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. #### 3.29.4 - 23 Jul 2025 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.29.4/CHANGELOG.md) for more information. ### [`v3.29.3`](https://redirect.github.com/github/codeql-action/releases/tag/v3.29.3) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.29.2...v3.29.3) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.29.3 - 21 Jul 2025 No user facing changes. See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.29.3/CHANGELOG.md) for more information. ### [`v3.29.2`](https://redirect.github.com/github/codeql-action/releases/tag/v3.29.2) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.29.1...v3.29.2) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.29.2 - 30 Jun 2025 - Experimental: When the `quality-queries` input for the `init` action is provided with an argument, separate `.quality.sarif` files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#&open-telemetry#8203;2935](https://redirect.github.com/github/codeql-action/pull/2935) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.29.2/CHANGELOG.md) for more information. ### [`v3.29.1`](https://redirect.github.com/github/codeql-action/releases/tag/v3.29.1) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.29.0...v3.29.1) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.29.1 - 27 Jun 2025 - Fix bug in PR analysis where user-provided `include` query filter fails to exclude non-included queries. [#&open-telemetry#8203;2938](https://redirect.github.com/github/codeql-action/pull/2938) - Update default CodeQL bundle version to 2.22.1. [#&open-telemetry#8203;2950](https://redirect.github.com/github/codeql-action/pull/2950) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.29.1/CHANGELOG.md) for more information. </details> <details> <summary>lycheeverse/lychee-action (lycheeverse/lychee-action)</summary> ### [`v2.5.0`](https://redirect.github.com/lycheeverse/lychee-action/releases/tag/v2.5.0): Version 2.5.0 [Compare Source](https://redirect.github.com/lycheeverse/lychee-action/compare/v2.4.1...v2.5.0) ##### Summary Most notably with this release the deprecated `--exclude-mail` flag was removed and the behavior of the `--accept` flag was updated. Previously, status codes such as 200 OK were always accepted. Now they are only accepted by default. This means providing the argument `--accept 201` now rejects status code 200 OK. ##### What's Changed - Update lycheeVersion to v0.19.1 by [@&open-telemetry#8203;github-actions](https://redirect.github.com/github-actions)\[bot] in[https://github.com/lycheeverse/lychee-action/pull/300](https://redirect.github.com/lycheeverse/lychee-action/pull/300)0 - See the lychee changes here: https://github.com/lycheeverse/lychee/releases/tag/lychee-v0.19.1, https://github.com/lycheeverse/lychee/releases/tag/lychee-v0.19.0 **Full Changelog**: lycheeverse/lychee-action@v2...v2.5.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-collector-contrib).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Yang Song <songy23@users.noreply.github.com>
diff --git a/.github/workflows/auto-update-jmx-component.yml b/.github/workflows/auto-update-jmx-component.yml
@@ -87,7 +87,7 @@ jobs:
           git config user.name otelbot
           git config user.email 197425009+otelbot@users.noreply.github.com
 
-      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+      - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
@@ -205,7 +205,7 @@ jobs:
           git config user.name otelbot
           git config user.email 197425009+otelbot@users.noreply.github.com
 
-      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+      - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -246,7 +246,7 @@ jobs:
         if: steps.go-setup.outputs.cache-hit != 'true'
         run: make install-tools
       - name: Cache Test Build
-        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4
+        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
         with:
           path: ~/.cache/go-build
           key: go-test-build-${{ runner.os }}-${{ matrix.go-version }}-${{ matrix.runner }}-${{ hashFiles('**/go.sum') }}
@@ -575,7 +575,7 @@ jobs:
           docker run otel/opentelemetry-collector-contrib-dev:$GITHUB_SHA --version
           docker run otel/opentelemetry-collector-contrib-dev:latest --version
       - name: Login to Docker Hub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
@@ -78,7 +78,7 @@ jobs:
       - name: Link Checker
         if: ${{ !contains(github.event.pull_request.labels.*.name, 'dependencies') && !contains(github.event.pull_request.labels.*.name, 'Skip Changelog') && !contains(github.event.pull_request.title, '[chore]')}}
         id: lychee
-        uses: lycheeverse/lychee-action@74c50ae9cb26a12ef66ad5769546fe0848ae9596 # f613c4a64e50d792e0b31ec34bbcbba12263c6a6
+        uses: lycheeverse/lychee-action@147829136ad8e72b5a1e57d782626a0ebd8d1d16 # f613c4a64e50d792e0b31ec34bbcbba12263c6a6
         with:
           args: "--verbose --no-progress ./changelog_preview.md --config .github/lychee.toml"
           failIfEmpty: false
diff --git a/.github/workflows/check-links.yaml b/.github/workflows/check-links.yaml
@@ -46,7 +46,7 @@ jobs:
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1
+        uses: lycheeverse/lychee-action@5c4ee84814c983aa7164eaee476f014e53ff3963 # v2.5.0
         with:
           args: "--verbose --no-progress ${{needs.changedfiles.outputs.files}} --config .github/lychee.toml"
           failIfEmpty: false
diff --git a/.github/workflows/check-lychee-config.yml b/.github/workflows/check-lychee-config.yml
@@ -20,7 +20,7 @@ jobs:
 
       - name: Lychee Config Checker
         id: lychee
-        uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2.4.1
+        uses: lycheeverse/lychee-action@5c4ee84814c983aa7164eaee476f014e53ff3963 # v2.5.0
         with:
           args: "--verbose --config .github/lychee.toml --dump .github/lychee.toml"
           failIfEmpty: false
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -32,7 +32,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3
+        uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3
         with:
           languages: go
 
@@ -42,5 +42,5 @@ jobs:
           make otelcontribcol
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3
+        uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3
         timeout-minutes: 60
diff --git a/.github/workflows/golden.yml b/.github/workflows/golden.yml
@@ -39,7 +39,7 @@ jobs:
       - name: Set up QEMU
         uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
       - name: Build binaries
         run: |
           GOOS=linux GOARCH=ppc64le make golden
@@ -48,7 +48,7 @@ jobs:
           GOOS=linux GOARCH=s390x make golden
           cp bin/golden_* cmd/golden/
       - name: Build golden
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           context: cmd/golden
           push: false
@@ -73,9 +73,9 @@ jobs:
       - name: Set up QEMU
         uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -88,7 +88,7 @@ jobs:
           GOOS=linux GOARCH=s390x make golden
           cp bin/golden_* cmd/golden/
       - name: Push golden to Github packages
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           context: cmd/golden
           push: true
@@ -113,12 +113,12 @@ jobs:
       - name: Set up QEMU
         uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
       - name: Set Release Tag
         id: github_tag
         run: ./.github/workflows/scripts/set_release_tag.sh
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -131,7 +131,7 @@ jobs:
           GOOS=linux GOARCH=s390x make golden
           cp bin/golden_* cmd/golden/
       - name: Push golden to Github packages
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           context: cmd/golden
           push: true
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
@@ -32,7 +32,7 @@ jobs:
         with:
           go-version: oldstable
           cache: false
-      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+      - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -65,6 +65,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+        uses: github/codeql-action/upload-sarif@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/telemetrygen.yml b/.github/workflows/telemetrygen.yml
@@ -82,7 +82,7 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -129,7 +129,7 @@ jobs:
         id: github_tag
         run: ./.github/workflows/scripts/set_release_tag.sh
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
diff --git a/.github/workflows/tidy-dependencies.yml b/.github/workflows/tidy-dependencies.yml
@@ -35,7 +35,7 @@ jobs:
       - name: Install Tools
         if: steps.go-setup.outputs.cache-hit != 'true'
         run: make install-tools
-      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+      - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
diff --git a/.github/workflows/update-otel.yaml b/.github/workflows/update-otel.yaml
@@ -23,7 +23,7 @@ jobs:
         with:
           path: opentelemetry-collector
           repository: open-telemetry/opentelemetry-collector
-      - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+      - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
         id: otelbot-token
         with:
           app-id: ${{ vars.OTELBOT_APP_ID }}
