From 557f4eb56e8546850f924cd3fb26a5ed9d84084a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 01:05:08 +0000 Subject: [PATCH] build(deps): bump the github-actions group across 1 directory with 5 updates Bumps the github-actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `5.0.0` | `8.0.1` | | [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` | Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `actions/download-artifact` from 5.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/634f93cb2916e3fdff6788551b99b062d0335ce0...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `docker/login-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee) Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/57a97c7e7821a5776cebc9bb87c984fa69cba8f1...ed142fd0673e97e23eac54620cfb913e5ce36c25) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/build-image.yml | 4 ++-- .github/workflows/ci.yml | 6 +++--- .github/workflows/lint-image.yml | 4 ++-- .github/workflows/publish-image.yml | 6 +++--- .github/workflows/scan-image.yml | 8 ++++---- .github/workflows/setup.yml | 2 +- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build-image.yml b/.github/workflows/build-image.yml index 5b2a6ac..71a59d3 100644 --- a/.github/workflows/build-image.yml +++ b/.github/workflows/build-image.yml @@ -16,7 +16,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.sha }} @@ -36,7 +36,7 @@ jobs: run: printf '%s\n' '${{ inputs.image }}' > '${{ runner.temp }}/image.txt' - name: Upload image artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: docker-image-${{ inputs.image }} path: | diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 28cf302..1630bdb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,7 +41,7 @@ jobs: images: ${{ steps.collect.outputs.images }} steps: - name: Download lint markers - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: lint-passed-* path: ${{ runner.temp }}/lint-markers @@ -92,7 +92,7 @@ jobs: images: ${{ steps.collect.outputs.images }} steps: - name: Download build artifacts - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: docker-image-* path: ${{ runner.temp }}/build-artifacts @@ -143,7 +143,7 @@ jobs: images: ${{ steps.collect.outputs.images }} steps: - name: Download scan markers - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: pattern: scan-passed-* path: ${{ runner.temp }}/scan-markers diff --git a/.github/workflows/lint-image.yml b/.github/workflows/lint-image.yml index 9a542ba..7e77af9 100644 --- a/.github/workflows/lint-image.yml +++ b/.github/workflows/lint-image.yml @@ -16,7 +16,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.sha }} @@ -31,7 +31,7 @@ jobs: - name: Upload lint passed marker if: success() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: lint-passed-${{ inputs.image }} path: ${{ runner.temp }}/image.txt diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml index 1694b0a..024b4cb 100644 --- a/.github/workflows/publish-image.yml +++ b/.github/workflows/publish-image.yml @@ -17,7 +17,7 @@ jobs: packages: write steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.sha }} @@ -28,7 +28,7 @@ jobs: echo "image_ref=ghcr.io/trly/${{ inputs.image }}:$version" >> "$GITHUB_OUTPUT" - name: Download image artifact - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: docker-image-${{ inputs.image }} path: ${{ runner.temp }}/image @@ -37,7 +37,7 @@ jobs: run: gunzip -c "${{ runner.temp }}/image/image.tar.gz" | docker load - name: Log in to GHCR - uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/scan-image.yml b/.github/workflows/scan-image.yml index bb2315f..833ca95 100644 --- a/.github/workflows/scan-image.yml +++ b/.github/workflows/scan-image.yml @@ -16,7 +16,7 @@ jobs: contents: read steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: ref: ${{ github.sha }} @@ -27,7 +27,7 @@ jobs: echo "image_ref=ghcr.io/trly/${{ inputs.image }}:$version" >> "$GITHUB_OUTPUT" - name: Download image artifact - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: name: docker-image-${{ inputs.image }} path: ${{ runner.temp }}/image @@ -36,7 +36,7 @@ jobs: run: gunzip -c "${{ runner.temp }}/image/image.tar.gz" | docker load - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 with: image-ref: ${{ steps.meta.outputs.image_ref }} format: table @@ -52,7 +52,7 @@ jobs: - name: Upload scan passed marker if: success() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: scan-passed-${{ inputs.image }} path: ${{ runner.temp }}/image.txt diff --git a/.github/workflows/setup.yml b/.github/workflows/setup.yml index c5aeab9..c19af82 100644 --- a/.github/workflows/setup.yml +++ b/.github/workflows/setup.yml @@ -27,7 +27,7 @@ jobs: images: ${{ steps.find.outputs.images }} steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: fetch-depth: 0 ref: ${{ github.sha }}