From a577b8b155630bb0535ab11c841b0536b96d9d60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Oct 2024 01:36:08 +0000 Subject: [PATCH] Bump the actions group across 1 directory with 8 updates Bumps the actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5` | `6` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `4.1.1` | `5.5.1` | | [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) | `3.9.3` | `4.0.0` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `1` | `2` | | [RoadieHQ/backstage-entity-validator](https://github.com/roadiehq/backstage-entity-validator) | `0.3.11` | `0.5.0` | | [Azure/setup-helm](https://github.com/azure/setup-helm) | `3` | `4` | | [sonarsource/sonarcloud-github-action](https://github.com/sonarsource/sonarcloud-github-action) | `3.0.0` | `3.1.0` | Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) Updates `docker/build-push-action` from 5 to 6 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v5...v6) Updates `docker/metadata-action` from 4.1.1 to 5.5.1 - [Release notes](https://github.com/docker/metadata-action/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](https://github.com/docker/metadata-action/compare/v4.1.1...v5.5.1) Updates `peaceiris/actions-gh-pages` from 3.9.3 to 4.0.0 - [Release notes](https://github.com/peaceiris/actions-gh-pages/releases) - [Changelog](https://github.com/peaceiris/actions-gh-pages/blob/main/CHANGELOG.md) - [Commits](https://github.com/peaceiris/actions-gh-pages/compare/373f7f263a76c20808c831209c920827a82a2847...4f9cc6602d3f66b9c108549d475ec49e8ef4d45e) Updates `softprops/action-gh-release` from 1 to 2 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/de2c0eb89ae2a093876385947365aca7b0e5f844...c062e08bd532815e2082a85e87e3ef29c3e6d191) Updates `RoadieHQ/backstage-entity-validator` from 0.3.11 to 0.5.0 - [Release notes](https://github.com/roadiehq/backstage-entity-validator/releases) - [Commits](https://github.com/roadiehq/backstage-entity-validator/compare/v0.3.11...v0.5.0) Updates `Azure/setup-helm` from 3 to 4 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/v3...v4) Updates `sonarsource/sonarcloud-github-action` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/sonarsource/sonarcloud-github-action/releases) - [Commits](https://github.com/sonarsource/sonarcloud-github-action/compare/v3.0.0...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/metadata-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: peaceiris/actions-gh-pages dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: RoadieHQ/backstage-entity-validator dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: Azure/setup-helm dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: sonarsource/sonarcloud-github-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/_container.yml | 6 +++--- .github/workflows/_docs.yml | 2 +- .github/workflows/_release.yml | 2 +- .github/workflows/asyncapi.yml | 2 +- .github/workflows/backstage.yml | 4 ++-- .github/workflows/helm.yml | 6 +++--- .github/workflows/sonarcloud.yml | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/_container.yml b/.github/workflows/_container.yml index 4857ee9e6..9ced4559c 100644 --- a/.github/workflows/_container.yml +++ b/.github/workflows/_container.yml @@ -25,7 +25,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and export to Docker local cache - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: . # Need load and tags so we can test it below @@ -37,7 +37,7 @@ jobs: - name: Create tags for publishing image id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v5.5.1 with: images: ghcr.io/${{ github.repository }} tags: | @@ -46,7 +46,7 @@ jobs: - name: Push cached image to container registry if: github.ref_type == 'tag' - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 # This does not build the image again, it will find the image in the # Docker cache and publish it with: diff --git a/.github/workflows/_docs.yml b/.github/workflows/_docs.yml index 40446e332..ce33811ff 100644 --- a/.github/workflows/_docs.yml +++ b/.github/workflows/_docs.yml @@ -47,7 +47,7 @@ jobs: if: github.ref_type == 'tag' || github.ref_name == 'main' # We pin to the SHA, not the tag, for security reasons. # https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions - uses: peaceiris/actions-gh-pages@373f7f263a76c20808c831209c920827a82a2847 # v3.9.3 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: .github/pages diff --git a/.github/workflows/_release.yml b/.github/workflows/_release.yml index b49fa7dca..395cdd3fc 100644 --- a/.github/workflows/_release.yml +++ b/.github/workflows/_release.yml @@ -23,7 +23,7 @@ jobs: - name: Create GitHub Release # We pin to the SHA, not the tag, for security reasons. # https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v0.1.15 with: prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }} files: "*" diff --git a/.github/workflows/asyncapi.yml b/.github/workflows/asyncapi.yml index 443a2196c..613b0e945 100644 --- a/.github/workflows/asyncapi.yml +++ b/.github/workflows/asyncapi.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: check asyncapi.yaml file uses: WaleedAshraf/asyncapi-github-action@v0.0.10 with: diff --git a/.github/workflows/backstage.yml b/.github/workflows/backstage.yml index 00a488241..0c3408040 100644 --- a/.github/workflows/backstage.yml +++ b/.github/workflows/backstage.yml @@ -10,8 +10,8 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: check catalog-info.yaml file - uses: RoadieHQ/backstage-entity-validator@v0.3.11 + uses: RoadieHQ/backstage-entity-validator@v0.5.0 with: path: "./catalog-info.yaml" diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 8c23d1550..5ed6fda04 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -16,10 +16,10 @@ jobs: environment: prod steps: - name: checkout repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: install helm - uses: Azure/setup-helm@v3 + uses: Azure/setup-helm@v4 with: token: ${{ secrets.GITHUB_TOKEN }} id: install @@ -29,7 +29,7 @@ jobs: echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ${{ env.GCR_IMAGE }} --username ${{ github.repository_owner }} --password-stdin - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@57396166ad8aefe6098280995947635806a0e6ea + uses: docker/metadata-action@d31acd50653ded455ab8972a1eb9a656b0aef94a with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index b1790840a..14c74506a 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -16,7 +16,7 @@ jobs: # Disabling shallow clone is recommended for improving relevancy of reporting fetch-depth: 0 - name: SonarCloud Scan - uses: sonarsource/sonarcloud-github-action@v3.0.0 # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan + uses: sonarsource/sonarcloud-github-action@v3.1.0 # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} SONAR_ORG_KEY: ${{ secrets.SONAR_ORG_KEY }}