build(deps): bump the ci group with 4 updates

[dependabot]

Bumps the ci group with 4 updates: actions/checkout, actions/cache, docker/build-push-action and goreleaser/goreleaser-action.

Updates actions/checkout from 3.6.0 to 4.0.0

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

• Update default runtime to node20 by @​takost in actions/checkout#1436
• Support fetching without the --progress option by @​simonbaird in actions/checkout#1067
• Release 4.0.0 by @​takost in actions/checkout#1447

New Contributors

• @​takost made their first contribution in actions/checkout#1436
• @​simonbaird made their first contribution in actions/checkout#1067

Full Changelog: actions/checkout@v3...v4.0.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.0.0

• Support fetching without the --progress option
• Update to node20

v3.6.0

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

• Fix api endpoint for GHES

v3.5.1

• Fix slow checkout on Windows

v3.5.0

• Add new public key for known_hosts

v3.4.0

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• [Fix comment typos (that got added in #770)](actions/checkout#1057)

v3.2.0

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2
• Upgrading version to 3.2.0

v3.1.0

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

• Add input set-safe-directory

v3.0.1

... (truncated)

Commits

• 3df4ab1 Release 4.0.0 (#1447)
• 8b5e8b7 Support fetching without the --progress option (#1067)
• 97a652b Update default runtime to node20 (#1436)
• See full diff in compare view

Updates actions/cache from 3.3.1 to 3.3.2

Release notes

Sourced from actions/cache's releases.

v3.3.2

What's Changed

• Fixed readme with new segment timeout values by @​kotewar in actions/cache#1133
• Readme fixes by @​kotewar in actions/cache#1134
• Updated description of the lookup-only input for main action by @​kotewar in actions/cache#1130
• Change two new actions mention as quoted text by @​bishal-pdMSFT in actions/cache#1131
• Update Cross-OS Caching tips by @​pdotl in actions/cache#1122
• Bazel example (Take #2️⃣) by @​vorburger in actions/cache#1132
• Remove actions to add new PRs and issues to a project board by @​jorendorff in actions/cache#1187
• Consume latest toolkit and fix dangling promise bug by @​chkimes in actions/cache#1217
• Bump action version to 3.3.2 by @​bethanyj28 in actions/cache#1236

New Contributors

• @​vorburger made their first contribution in actions/cache#1132
• @​jorendorff made their first contribution in actions/cache#1187
• @​chkimes made their first contribution in actions/cache#1217
• @​bethanyj28 made their first contribution in actions/cache#1236

Full Changelog: actions/cache@v3...v3.3.2

Changelog

Sourced from actions/cache's changelog.

Releases

3.0.0

• Updated minimum runner version support from node 12 -> node 16

3.0.1

• Added support for caching from GHES 3.5.
• Fixed download issue for files > 2GB during restore.

3.0.2

• Added support for dynamic cache size cap on GHES.

3.0.3

• Fixed avoiding empty cache save when no files are available for caching. (issue)

3.0.4

• Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

3.0.5

• Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

3.0.6

• Fixed #809 - zstd -d: no such file or directory error
• Fixed #833 - cache doesn't work with github workspace directory

3.0.7

• Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

3.0.8

• Fix zstd not working for windows on gnu tar in issues #888 and #891.
• Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes.

3.0.9

• Enhanced the warning message for cache unavailablity in case of GHES.

3.0.10

• Fix a bug with sorting inputs.
• Update definition for restore-keys in README.md

... (truncated)

Commits

• 704facf Merge pull request #1236 from actions/bethanyj28/bump-version
• 17e2888 Add to RELEASES.md
• 667d8fd bump action version to 3.3.2
• f7ebb81 Consume latest toolkit and fix dangling promise bug (#1217)
• 67b839e Merge pull request #1187 from jorendorff/jorendorff/rm-add-to-project
• 57f0e3f Remove actions to add new PRs and issues to a project board
• 04f198b Merge pull request #1132 from vorburger/bazel-example
• bd9b49b Merge branch 'main' into bazel-example
• ea05037 Merge pull request #1122 from actions/pdotl-patch-1
• 6a1a45d Merge branch 'main' into pdotl-patch-1
• Additional commits viewable in compare view

Updates docker/build-push-action from 4.1.1 to 4.2.1

Release notes

Sourced from docker/build-push-action's releases.

v4.2.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• warn if docker config can't be parsed by @​crazy-max in docker/build-push-action#957

Full Changelog: docker/build-push-action@v4.2.0...v4.2.1

v4.2.0

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• display proxy configuration by @​crazy-max in docker/build-push-action#872
• chore(deps): Bump @​docker/actions-toolkit from 0.6.0 to 0.8.0 in docker/build-push-action#930
• chore(deps): Bump word-wrap from 1.2.3 to 1.2.5 in docker/build-push-action#925
• chore(deps): Bump semver from 6.3.0 to 6.3.1 in docker/build-push-action#902

Full Changelog: docker/build-push-action@v4.1.1...v4.2.0

Commits

• 0a97817 Merge pull request #957 from crazy-max/warn-docker-config
• ec39ef3 chore: update generated content
• f46044b warn if docker config can't be parsed
• 4e4ee68 Merge pull request #951 from crazy-max/ci-concurrency
• e86cf55 ci: missing concurrency checks
• daa0106 Merge pull request #949 from docker/dependabot/github_actions/actions/checkout-4
• ce51e90 chore(deps): Bump actions/checkout from 3 to 4
• 1fde163 Merge pull request #950 from crazy-max/fix-ci
• ae311c5 ci: fix workflow
• 9311bf5 Merge pull request #932 from crazy-max/form-templates
• Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 4.4.0 to 4.6.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v4.6.0

Reverts the change to node20 runtime.

Full Changelog: goreleaser/goreleaser-action@v4.5.0...v4.6.0

v4.5.0

What's Changed

• chore(deps): bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in goreleaser/goreleaser-action#427
• feat: bump to use node20 runtime, actions/checkout to v4 by @​kbdharun in goreleaser/goreleaser-action#430

New Contributors

• @​kbdharun made their first contribution in goreleaser/goreleaser-action#430

Full Changelog: goreleaser/goreleaser-action@v4.4.0...v4.5.0

Commits

• 5fdedb9 revert: node20 change
• 81d9ad7 feat: bump to use node20 runtime, actions/checkout to v4 (#430)
• a10d0e3 chore(deps): bump word-wrap from 1.2.3 to 1.2.5 (#427)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[fluxcdbot]

Successfully created backport PR for release/v1.1.x:

• [release/v1.1.x] build(deps): bump the ci group with 4 updates #964