From a0824ea8168ed9b9e093778ba3fc7b0afb4c5e51 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Jun 2024 18:19:07 +0000 Subject: [PATCH] update: bump the gh-actions-packages group across 1 directory with 6 updates Bumps the gh-actions-packages group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.6` | `4.1.7` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.25.6` | `3.25.10` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.2` | `4.3.3` | | [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2762.0` | `12.2785.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5.3.0` | `6.0.2` | | [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) | `4.2.1` | `4.3.0` | Updates `actions/checkout` from 4.1.6 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332) Updates `github/codeql-action` from 3.25.6 to 3.25.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9fdb3e49720b44c48891d036bb502feb25684276...23acc5c183826b7a8a97bce3cecc52db901f8251) Updates `actions/dependency-review-action` from 4.3.2 to 4.3.3 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/0c155c5e8556a497adf53f2c18edabf945ed8e70...72eb03d02c7872a771aacd928f3123ac62ad6d3a) Updates `bridgecrewio/checkov-action` from 12.2762.0 to 12.2785.0 - [Release 
notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](https://github.com/bridgecrewio/checkov-action/compare/cbef505ba3282486a24541d7c862e19266ad0d96...d3328add8f0c9461fb3fe0739296f1cee85f7c2b) Updates `docker/build-push-action` from 5.3.0 to 6.0.2 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/2cdde995de11925a030ce8070c3d77a52ffcf1c0...f6010ea70151369b06f0194be1051fbbdff851b2) Updates `mikepenz/action-junit-report` from 4.2.1 to 4.3.0 - [Release notes](https://github.com/mikepenz/action-junit-report/releases) - [Commits](https://github.com/mikepenz/action-junit-report/compare/9379f0ccddcab154835d4e2487555ee79614fe95...eb1a2b2dbd4c45341235503b2c3edfa46d2ec3de) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages - dependency-name: mikepenz/action-junit-report dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages ... 
Signed-off-by: dependabot[bot] --- .github/workflows/.reusable-build.yml | 4 +-- .github/workflows/.reusable-compliance.yml | 10 +++--- .github/workflows/.reusable-docs.yml | 2 +- .../workflows/.reusable-integration-test.yml | 8 ++--- .github/workflows/.reusable-sast.yml | 36 +++++++++---------- .github/workflows/.reusable-sca.yml | 4 +-- .github/workflows/.reusable-unit-test.yml | 10 +++--- .github/workflows/semgrep.yml | 2 +- 8 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.github/workflows/.reusable-build.yml b/.github/workflows/.reusable-build.yml index 0ac0b11..3e80a22 100644 --- a/.github/workflows/.reusable-build.yml +++ b/.github/workflows/.reusable-build.yml @@ -63,7 +63,7 @@ jobs: build_labels: ${{ steps.get_context.outputs.build_labels }} steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Get context id: get_context uses: ./.github/actions/context @@ -79,7 +79,7 @@ jobs: packages: write steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Build semgr8s id: build uses: ./.github/actions/build diff --git a/.github/workflows/.reusable-compliance.yml b/.github/workflows/.reusable-compliance.yml index 7f575c0..e0e3113 100644 --- a/.github/workflows/.reusable-compliance.yml +++ b/.github/workflows/.reusable-compliance.yml @@ -22,7 +22,7 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false - name: Analyze 
@@ -33,7 +33,7 @@ jobs: repo_token: ${{ secrets.SCORECARD_TOKEN }} publish_results: false #TODO: reactivate when working again - name: Upload - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: sarif_file: results.sarif @@ -49,9 +49,9 @@ jobs: pull-requests: write steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Review - uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2 + uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3 with: comment-summary-in-pr: always @@ -63,7 +63,7 @@ jobs: permissions: {} steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ github.event.pull_request.head.sha }} # Otherwise will checkout merge commit, which isn't conform fetch-depth: ${{ github.event.pull_request.commits }} # Fetch all commits of the MR, but only those diff --git a/.github/workflows/.reusable-docs.yml b/.github/workflows/.reusable-docs.yml index 7140f22..4cbde3a 100644 --- a/.github/workflows/.reusable-docs.yml +++ b/.github/workflows/.reusable-docs.yml @@ -20,7 +20,7 @@ jobs: contents: write steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - name: Set release env diff --git a/.github/workflows/.reusable-integration-test.yml b/.github/workflows/.reusable-integration-test.yml index 18ccfc1..6183430 100644 --- a/.github/workflows/.reusable-integration-test.yml +++ b/.github/workflows/.reusable-integration-test.yml 
@@ -47,7 +47,7 @@ jobs: ] steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Login with registry uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: @@ -102,7 +102,7 @@ jobs: ] steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Login with registry uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: @@ -157,7 +157,7 @@ jobs: ] steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Login with registry uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: @@ -212,7 +212,7 @@ jobs: ] steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Login with registry uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: diff --git a/.github/workflows/.reusable-sast.yml b/.github/workflows/.reusable-sast.yml index d1cb5b9..7f0785b 100644 --- a/.github/workflows/.reusable-sast.yml +++ b/.github/workflows/.reusable-sast.yml @@ -25,7 +25,7 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install python uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: 
@@ -48,7 +48,7 @@ jobs: run: bandit -r -f sarif -o bandit-results.sarif semgr8s/ --exit-zero - name: Upload if: inputs.output == 'sarif' - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: sarif_file: 'bandit-results.sarif' @@ -60,7 +60,7 @@ jobs: inputs.skip != 'all' steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install python uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: @@ -89,7 +89,7 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Render Helm charts run: | rm -rf tests # remove 'tests' folder from scan @@ -99,14 +99,14 @@ jobs: shell: bash - name: Scan if: inputs.output == 'table' - uses: bridgecrewio/checkov-action@cbef505ba3282486a24541d7c862e19266ad0d96 # v12.2762.0 + uses: bridgecrewio/checkov-action@d3328add8f0c9461fb3fe0739296f1cee85f7c2b # v12.2785.0 with: skip_check: CKV_DOCKER_2 output_format: cli soft_fail: false - name: Scan if: inputs.output == 'sarif' - uses: bridgecrewio/checkov-action@cbef505ba3282486a24541d7c862e19266ad0d96 # v12.2762.0 + uses: bridgecrewio/checkov-action@d3328add8f0c9461fb3fe0739296f1cee85f7c2b # v12.2785.0 with: skip_check: CKV_DOCKER_2 output_file_path: console,checkov-results.sarif @@ -114,7 +114,7 @@ jobs: soft_fail: true - name: Upload if: inputs.output == 'sarif' - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: sarif_file: checkov-results.sarif 
@@ -129,13 +129,13 @@ jobs: pull-requests: read steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: languages: 'python' - name: Analyze - uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 hadolint: runs-on: ubuntu-latest @@ -147,7 +147,7 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Scan uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0 if: inputs.output == 'table' @@ -164,7 +164,7 @@ jobs: no-fail: true output-file: hadolint-results.sarif - name: Upload - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 if: inputs.output == 'sarif' with: sarif_file: 'hadolint-results.sarif' @@ -179,7 +179,7 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Scan uses: stackrox/kube-linter-action@5792edc6a03735d592b13c08201711327a935735 # v1.0.5 if: inputs.output == 'table' 
@@ -197,7 +197,7 @@ jobs: format: sarif output-file: kubelinter-results.sarif - name: Upload - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 if: inputs.output == 'sarif' with: sarif_file: 'kubelinter-results.sarif' @@ -209,7 +209,7 @@ jobs: inputs.skip != 'all' steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install python uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: @@ -241,7 +241,7 @@ jobs: SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Scan if: inputs.output == 'table' run: semgrep ci --config=auto --suppress-errors --text @@ -249,7 +249,7 @@ jobs: if: inputs.output == 'sarif' run: semgrep ci --config=auto --suppress-errors --sarif --output=semgrep-results.sarif || exit 0 - name: Upload - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 if: inputs.output == 'sarif' with: sarif_file: semgrep-results.sarif @@ -265,7 +265,7 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run Trivy uses: ./.github/actions/trivy-config with: diff --git a/.github/workflows/.reusable-sca.yml b/.github/workflows/.reusable-sca.yml index 69e487d..949d10b 100644 --- a/.github/workflows/.reusable-sca.yml +++ b/.github/workflows/.reusable-sca.yml 
@@ -41,7 +41,7 @@ jobs: image: docker:stable steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run uses: ./.github/actions/trivy-image with: @@ -64,7 +64,7 @@ jobs: image: docker:stable steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Run uses: ./.github/actions/grype with: diff --git a/.github/workflows/.reusable-unit-test.yml b/.github/workflows/.reusable-unit-test.yml index bf37903..3e44ff5 100644 --- a/.github/workflows/.reusable-unit-test.yml +++ b/.github/workflows/.reusable-unit-test.yml @@ -19,11 +19,11 @@ jobs: if: inputs.skip != 'all' steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Set up Docker buildx uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - name: Build test image - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@f6010ea70151369b06f0194be1051fbbdff851b2 # v6.0.2 with: push: false load: true @@ -46,7 +46,7 @@ jobs: pytest-coverage-path: tests/pytest-coverage.txt junitxml-path: tests/pytest.xml - name: Publish Test Report - uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4.2.1 + uses: mikepenz/action-junit-report@eb1a2b2dbd4c45341235503b2c3edfa46d2ec3de # v4.3.0 if: success() || failure() # always run even if the previous step fails with: report_paths: 'tests/pytest.xml' 
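Review bot: The semver-major jump of `docker/build-push-action` (v5.3.0 to v6.0.2) in the "Build test image" step of `.reusable-unit-test.yml` lands with no accompanying workflow adjustment, grouped with patch-level bumps, although the patch metadata itself labels it `version-update:semver-major`. As far as I know, v6 generates a job build summary and uploads a build-record artifact by default, so this step (`push: false`, `load: true`) would start publishing an artifact it did not produce under v5. Check the release notes linked in the description to confirm what that record contains for this build and who can download workflow artifacts in this repository. If the artifact is not wanted, the v6.0.x README describes an opt-out through a step-level `env:` entry, `DOCKER_BUILD_NO_SUMMARY: true`; verify the variable name against the pinned commit before relying on it. The job definition starts and ends outside the hunk, so its `permissions` block is not visible here.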
@@ -59,7 +59,7 @@ jobs: inputs.skip != 'all' steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install python uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: @@ -88,7 +88,7 @@ jobs: inputs.skip != 'all' steps: - name: Checkout code - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install python uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 0da00e1..393442a 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -18,5 +18,5 @@ jobs: container: image: semgrep/semgrep steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - run: semgrep ci