deps: update GitHub action dependencies (major)

.github/actions/publish_helmchart/action.yml

@@ -29,7 +29,7 @@ runs:
         echo version=$(yq eval ".version" ${{ inputs.chartPath }}/Chart.yaml) | tee -a $GITHUB_OUTPUT
 
     - name: Create pull request
-      uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+      uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
       with:
         path: helm
         branch: "release/s3proxy/${{ steps.update-chart-version.outputs.version }}"

.github/actions/setup_bazel_nix/action.yml

@@ -113,7 +113,7 @@ runs:
 
     - name: Install nix
       if: steps.check_inputs.outputs.nixPreinstalled == 'false'
-      uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
+      uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
 
     - name: Set $USER if not set
       shell: bash

.github/workflows/aws-snp-launchmeasurement.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   run:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     - name: Checkout repository
       uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@@ -17,7 +17,7 @@ jobs:
         path: constellation
 
     - name: Install Nix
-      uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
+      uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30
 
     - name: Download Firmware release
       id: download-firmware

.github/workflows/build-ccm-gcp.yml

@@ -13,7 +13,7 @@ on:
 
 jobs:
   find-ccm-versions:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     outputs:
       versions: ${{ steps.find-versions.outputs.versions }}
       latest: ${{ steps.find-latest.outputs.latest }}
@@ -54,7 +54,7 @@ jobs:
   build-ccm-gcp:
     # matrix cannot handle empty lists
     if: needs.find-ccm-versions.outputs.versions != '[]'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write

.github/workflows/build-gcp-guest-agent.yml

@@ -10,7 +10,7 @@ env:
 
 jobs:
   build-gcp-guest-agent:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write

.github/workflows/build-libvirt-container.yml

@@ -13,7 +13,7 @@ on:
 
 jobs:
   build-container:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write

.github/workflows/build-logcollector-images.yml

@@ -13,7 +13,7 @@ on:
 
 jobs:
   build-logcollector-debugd-images:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       packages: write

.github/workflows/build-os-image-scheduled.yml

@@ -12,7 +12,7 @@ on:
 
 jobs:
   stream:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     outputs:
       stream: ${{ steps.stream.outputs.stream }}
     steps:
@@ -56,7 +56,7 @@ jobs:
     # On nightly stream only.
     if: needs.stream.outputs.stream == 'nightly'
     needs: ["build-image", "stream"]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
@@ -97,7 +97,7 @@ jobs:
         run: rm -f internal/attestation/measurements/measurement-generator/generate
 
       - name: Create pull request
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
         with:
           branch: "image/automated/update-measurements-${{ github.run_number }}"
           base: main
@@ -117,7 +117,7 @@ jobs:
   notify-failure:
     if: failure()
     needs: [ "stream", "build-image", "update-code" ]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

.github/workflows/build-os-image.yml

@@ -47,7 +47,7 @@ on:
 jobs:
   build-settings:
     name: "Determine build settings"
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     outputs:
       ref: ${{ steps.ref.outputs.ref }}
       stream: ${{ steps.stream.outputs.stream }}

.github/workflows/check-links.yml

@@ -17,15 +17,15 @@ on:
 
 jobs:
   linkChecker:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
 
       - name: Link Checker
-        uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0
+        uses: lycheeverse/lychee-action@7da8ec1fc4e01b5a12062ac6c589c10a4ce70d67 # v2.0.0
         with:
           args: "--config ./.lychee.toml './**/*.md' './**/*.html'"
           fail: true

.github/workflows/codeql.yml

@@ -17,7 +17,7 @@ on:
 jobs:
   codeql:
     name: CodeQL
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     env:
       # Force CodeQL to run the extraction on the files compiled by our custom
       # build command, as opposed to letting the autobuilder figure it out.

.github/workflows/docs-vale.yml

@@ -13,7 +13,7 @@ on:
 
 jobs:
   vale:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

.github/workflows/draft-release.yml

@@ -50,7 +50,7 @@ on:
 
 jobs:
   build-cli:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
@@ -110,7 +110,7 @@ jobs:
             build/constellation-${{ matrix.os }}-${{ matrix.arch }}.exe.sig
 
   build-terraform-provider:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
@@ -165,7 +165,7 @@ jobs:
             build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}.exe
 
   upload-terraform-module:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         id: checkout
@@ -177,7 +177,7 @@ jobs:
         uses: ./.github/actions/upload_terraform_module
 
   push-containers:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     if: inputs.pushContainers
     permissions:
       actions: read
@@ -208,7 +208,7 @@ jobs:
         run: bazel run //bazel/release:push
 
   provenance-subjects:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs:
       - build-cli
       - signed-sbom
@@ -252,7 +252,7 @@ jobs:
           echo provenance-subjects="${HASHESB64}" >> "$GITHUB_OUTPUT"
 
   signed-sbom:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         id: checkout
@@ -321,7 +321,7 @@ jobs:
       base64-subjects: "${{ needs.provenance-subjects.outputs.provenance-subjects }}"
 
   provenance-verify:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     env:
       SLSA_VERIFIER_VERSION: "2.5.1"
     needs:
@@ -395,7 +395,7 @@ jobs:
   release:
     permissions:
       contents: write
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs:
       - build-cli
       - provenance

.github/workflows/e2e-attestationconfigapi.yml

@@ -18,7 +18,7 @@ jobs:
       max-parallel: 1
       matrix:
         attestationVariant: ["azure-sev-snp", "azure-tdx", "aws-sev-snp", "gcp-sev-snp"]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       contents: read

.github/workflows/e2e-mini.yml

@@ -20,7 +20,7 @@ on:
 
 jobs:
   e2e-mini:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     environment: e2e
     permissions:
       id-token: write

.github/workflows/e2e-test-daily.yml

@@ -12,7 +12,7 @@ jobs:
       matrix:
         refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
     name: Find latest image
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       contents: read
@@ -49,7 +49,7 @@ jobs:
         attestationVariant: ["gcp-sev-es", "gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"]
         refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"]
         test: ["sonobuoy quick"]
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       checks: write
@@ -150,7 +150,7 @@ jobs:
 
   e2e-mini:
     name: Run miniconstellation E2E test
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     environment: e2e
     permissions:
       id-token: write

.github/workflows/e2e-test-provider-example.yml

@@ -63,7 +63,7 @@ on:
 
 jobs:
   provider-example-test:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       contents: read

.github/workflows/e2e-test-weekly.yml

@@ -12,7 +12,7 @@ jobs:
       matrix:
         refStream: ["ref/main/stream/nightly/?","ref/main/stream/debug/?", "ref/release/stream/stable/?"]
     name: Find latest image
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       contents: read
@@ -313,7 +313,7 @@ jobs:
             kubernetes-version: "v1.29"
             clusterCreation: "cli"
 
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       checks: write
@@ -439,7 +439,7 @@ jobs:
 
   e2e-mini:
     name: Run miniconstellation E2E test
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     environment: e2e
     permissions:
       id-token: write

.github/workflows/e2e-test.yml

@@ -129,7 +129,7 @@ on:
 jobs:
   generate-input-parameters:
     name: Generate input parameters
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       contents: read
@@ -165,7 +165,7 @@ jobs:
 
   find-latest-image:
     name: Select image
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       contents: read

.github/workflows/e2e-upgrade.yml

@@ -90,7 +90,7 @@ on:
 jobs:
   generate-input-parameters:
     name: Generate input parameters
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       contents: read
@@ -126,7 +126,7 @@ jobs:
 
   build-target-cli:
     name: Build upgrade target version CLI
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       checks: write
@@ -177,7 +177,7 @@ jobs:
 
   create-cluster:
     name: Create upgrade origin version cluster
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       checks: write
@@ -262,7 +262,7 @@ jobs:
 
   e2e-upgrade:
     name: Run upgrade test
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       checks: write
@@ -427,7 +427,7 @@ jobs:
 
   clean-up:
     name: Clean up resources
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       checks: write

.github/workflows/e2e-windows.yml

@@ -13,7 +13,7 @@ on:
 jobs:
   build-cli:
     name: Build Windows CLI
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write
       checks: write
@@ -178,7 +178,7 @@ jobs:
 
   notify-failure:
     name: Notify about failure
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: e2e-test
     if: |
       failure() &&