From 3910c41b811000f5e27c20edc440673fc35935ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 20 Oct 2024 16:23:46 +0000 Subject: [PATCH] chore(deps): bump the ci group across 1 directory with 9 updates Bumps the ci group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [mercedesbenzio/detect-action](https://github.com/mercedesbenzio/detect-action) | `1` | `2` | | [actions/cache](https://github.com/actions/cache) | `3` | `4` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `2` | `3` | | [8BitJonny/gh-get-current-pr](https://github.com/8bitjonny/gh-get-current-pr) | `2.2.0` | `3.0.0` | | [thollander/actions-comment-pull-request](https://github.com/thollander/actions-comment-pull-request) | `2.4.3` | `3.0.0` | | [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `5` | `6` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.15.11` | `0.17.4` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.5.0` | `3.7.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `5` | `6` | Updates `mercedesbenzio/detect-action` from 1 to 2 - [Release notes](https://github.com/mercedesbenzio/detect-action/releases) - [Changelog](https://github.com/tvcsantos/detect-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/mercedesbenzio/detect-action/compare/v1...v2) Updates `actions/cache` from 3 to 4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3...v4) Updates `peter-evans/repository-dispatch` from 2 to 3 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](https://github.com/peter-evans/repository-dispatch/compare/v2...v3) Updates `8BitJonny/gh-get-current-pr` from 2.2.0 to 3.0.0 - [Release notes](https://github.com/8bitjonny/gh-get-current-pr/releases) - [Commits](https://github.com/8bitjonny/gh-get-current-pr/compare/2.2.0...3.0.0) Updates `thollander/actions-comment-pull-request` from 2.4.3 to 3.0.0 - [Release notes](https://github.com/thollander/actions-comment-pull-request/releases) - [Commits](https://github.com/thollander/actions-comment-pull-request/compare/v2.4.3...v3.0.0) Updates `release-drafter/release-drafter` from 5 to 6 - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](https://github.com/release-drafter/release-drafter/compare/v5...v6) Updates `anchore/sbom-action` from 0.15.11 to 0.17.4 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/7ccf588e3cf3cc2611714c2eeae48550fbc17552...8d0a6505bf28ced3e85154d13dc6af83299e13f1) Updates `sigstore/cosign-installer` from 3.5.0 to 3.7.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v3.5.0...v3.7.0) Updates `goreleaser/goreleaser-action` from 5 to 6 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/v5...v6) --- updated-dependencies: - dependency-name: mercedesbenzio/detect-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: peter-evans/repository-dispatch dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: 8BitJonny/gh-get-current-pr dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: thollander/actions-comment-pull-request dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: release-drafter/release-drafter dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci ... Signed-off-by: dependabot[bot] --- .github/workflows/blackduck_scan_scheduled.yaml | 2 +- .github/workflows/check-manifest-generation-diff.yaml | 2 +- .github/workflows/dispatch-e2e.yaml | 2 +- .github/workflows/mend_scan.yaml | 4 ++-- .github/workflows/release-drafter.yaml | 2 +- .github/workflows/release.yaml | 8 ++++---- .github/workflows/tests.yaml | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/blackduck_scan_scheduled.yaml b/.github/workflows/blackduck_scan_scheduled.yaml index 3af97f7..d86ae5a 100644 --- a/.github/workflows/blackduck_scan_scheduled.yaml +++ b/.github/workflows/blackduck_scan_scheduled.yaml @@ -20,7 +20,7 @@ jobs: distribution: 'temurin' - name: Blackduck Full Scan - uses: mercedesbenzio/detect-action@v1 + uses: mercedesbenzio/detect-action@v2 env: DETECT_PROJECT_USER_GROUPS: opencomponentmodel DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS diff --git a/.github/workflows/check-manifest-generation-diff.yaml b/.github/workflows/check-manifest-generation-diff.yaml index 6334a3c..e0d8107 100644 --- a/.github/workflows/check-manifest-generation-diff.yaml +++ b/.github/workflows/check-manifest-generation-diff.yaml @@ -20,7 +20,7 @@ jobs: with: go-version-file: '${{ github.workspace }}/go.mod' - name: Restore Go cache - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /home/runner/work/_temp/_github_home/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} diff --git a/.github/workflows/dispatch-e2e.yaml b/.github/workflows/dispatch-e2e.yaml index 5d21ee7..33c5789 100644 --- a/.github/workflows/dispatch-e2e.yaml +++ b/.github/workflows/dispatch-e2e.yaml @@ -16,7 +16,7 @@ jobs: app_id: ${{ secrets.OCMBOT_APP_ID }} private_key: ${{ secrets.OCMBOT_PRIV_KEY }} - name: Dispatch e2e test trigger - uses: peter-evans/repository-dispatch@v2 + uses: peter-evans/repository-dispatch@v3 with: token: ${{ steps.generate_token.outputs.token }} repository: open-component-model/MPAS diff --git a/.github/workflows/mend_scan.yaml b/.github/workflows/mend_scan.yaml index 430fdc8..d7b8cb1 100644 --- a/.github/workflows/mend_scan.yaml +++ b/.github/workflows/mend_scan.yaml @@ -171,7 +171,7 @@ jobs: fi - name: Check if PR exists - uses: 8BitJonny/gh-get-current-pr@2.2.0 + uses: 8BitJonny/gh-get-current-pr@3.0.0 id: pr_exists with: filterOutClosed: true @@ -179,7 +179,7 @@ jobs: - name: Comment Mend Status on PR if: ${{ github.event_name != 'schedule' && steps.pr_exists.outputs.pr_found == 'true' }} - uses: thollander/actions-comment-pull-request@v2.4.3 + uses: thollander/actions-comment-pull-request@v3.0.0 with: message: | ## Mend Scan Summary: :${{ steps.report.outputs.status }}: diff --git a/.github/workflows/release-drafter.yaml b/.github/workflows/release-drafter.yaml index 250f809..f406594 100644 --- a/.github/workflows/release-drafter.yaml +++ b/.github/workflows/release-drafter.yaml @@ -15,6 +15,6 @@ jobs: update_release_draft: runs-on: ubuntu-latest steps: - - uses: release-drafter/release-drafter@v5 + - uses: release-drafter/release-drafter@v6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e6736ed..ba360ae 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -42,7 +42,7 @@ jobs: with: go-version-file: '${{ github.workspace }}/go.mod' - name: Cache go-build and mod - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: | ~/.cache/go-build/ @@ -98,11 +98,11 @@ jobs: mkdir -p output kustomize build ./config/default > ./output/install.yaml - name: Setup Syft - uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11 + uses: anchore/sbom-action/download-syft@8d0a6505bf28ced3e85154d13dc6af83299e13f1 # v0.17.4 - name: Setup Cosign - uses: sigstore/cosign-installer@v3.5.0 + uses: sigstore/cosign-installer@v3.7.0 - name: Run goreleaser - uses: goreleaser/goreleaser-action@v5 + uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser version: latest diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 9e79ac4..b04a2f4 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -26,7 +26,7 @@ jobs: with: go-version-file: '${{ github.workspace }}/go.mod' - name: Restore Go cache - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: /home/runner/work/_temp/_github_home/go/pkg/mod key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}