build(dependencies): bump the github-actions group across 1 directory…

… with 8 updates Bumps the github-actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.7.0` | `2.8.1` | | [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `4.1.7` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.1` | `4.3.3` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.2` | `4.1.7` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.0.0` | `3.3.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `5.1.0` | `6.2.0` | | [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2676.0` | `12.2798.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.24.3` | `3.25.11` | Updates `step-security/harden-runner` from 2.7.0 to 2.8.1 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@63c24ba...17d0e2b) Updates `actions/checkout` from 4.1.1 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...692973e) Updates `actions/upload-artifact` from 4.3.1 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@5d5d22a...6546280) Updates `actions/download-artifact` from 4.1.2 to 4.1.7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@eaceaf8...65a9edc) Updates `docker/setup-buildx-action` from 3.0.0 to 3.3.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@f95db51...d70bba7) Updates `docker/build-push-action` from 5.1.0 to 6.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@4a13e50...1556069) Updates `bridgecrewio/checkov-action` from 12.2676.0 to 12.2798.0 - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](bridgecrewio/checkov-action@9420002...1aa570d) Updates `github/codeql-action` from 3.24.3 to 3.25.11 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@3796146...b611370) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
wearefrank · Jul 1, 2024 · 5771727 · 5771727
1 parent 34175a2
commit 5771727
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 35 deletions.
diff --git a/.github/workflows/ci-generic.yml b/.github/workflows/ci-generic.yml
@@ -51,15 +51,15 @@ jobs:
     permissions:
       contents: read    
     steps:
-    - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         disable-sudo: true
         egress-policy: audit
         allowed-endpoints: >
           github.com:443
 
     - name: Checkout
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7
 
     - name: Update Instance BuildInfo.properties
       uses: wearefrank/ci-cd-templates/update-buildinfo@main
@@ -68,7 +68,7 @@ jobs:
         version: ${{ inputs.version }}
 
     - name: Upload Instance BuildInfo.properties
-      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 #4.3.1
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 #4.3.3
       with:
         name: pre-build-instance-buildinfo
         path: ./*/main/resources/BuildInfo.properties

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,12 +10,12 @@ jobs:
   actionlinter:
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+      - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7
 
       - name: Lint GitHub Actions
         uses: docker://rhysd/actionlint:latest

diff --git a/.github/workflows/docker-ci-generic.yml b/.github/workflows/docker-ci-generic.yml
@@ -61,7 +61,7 @@ jobs:
       image-digest: ${{ steps.build.outputs.digest }}
       image-metadata: ${{ steps.build.outputs.metadata }}
     steps:
-    - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         disable-sudo: true
         egress-policy: audit
@@ -73,16 +73,16 @@ jobs:
           registry-1.docker.io:443
 
     - name: Checkout
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7
 
     - name: "Download Pre-build Artifacts"
-      uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe #4.1.2
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e #4.1.7
       with:
         pattern: pre-build-*
         merge-multiple: true
 
     - name: "Download Build Artifacts"
-      uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe #4.1.2
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e #4.1.7
       with:
         pattern: build-*
         merge-multiple: true
@@ -105,11 +105,11 @@ jobs:
       uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 #3.0.0
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #3.0.0
+      uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb #3.3.0
 
     - name: Build and export Docker image
       id: build
-      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 #5.1.0
+      uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 #6.2.0
       with:
         context: .
         platforms: linux/amd64
@@ -121,7 +121,7 @@ jobs:
         cache-to: type=gha,mode=max
 
     - name: "Upload Docker tar"
-      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 #4.3.1
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 #4.3.3
       with:
         name: build-docker-image
         path: ./image.tar
@@ -133,7 +133,7 @@ jobs:
       contents: read 
     if: inputs.chekov-linter-enabled
     steps:
-    - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         disable-sudo: true
         egress-policy: audit
@@ -142,11 +142,11 @@ jobs:
           pypi.org:443
 
     - name: Checkout
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7
 
     - name: Lint Dockerfile with Checkov
       id: checkov
-      uses: bridgecrewio/checkov-action@94200023b0c8b45fdd614fe40f20d6d49915bff0 #12.2676.0
+      uses: bridgecrewio/checkov-action@1aa570d5235ac1bb571b6ad857c5ca3ba3670b74 #12.2798.0
       with:
         directory: .
         framework: dockerfile
@@ -158,13 +158,13 @@ jobs:
         output_file_path: reports/checkov-results.sarif
 
     - name: Upload Sarif report as artifact
-      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 #4.3.1
+      uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 #4.3.3
       with:
         name: checkov-results
         path: reports/checkov-results.sarif
 
     - name: Upload to GitHub Security
-      uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 #3.24.3
+      uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c #3.25.11
       if: ${{ inputs.upload-sarif-to-security }}
       with:
         sarif_file: 'reports/checkov-results.sarif'
@@ -175,7 +175,7 @@ jobs:
   #   steps:
   #   -  
   #     name: "Download Docker tar"
-  #     uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe #4.1.2
+  #     uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e #4.1.7
   #     with:
   #       name: docker
   #       path: .
@@ -201,7 +201,7 @@ jobs:
   #       hide-progress: false
   #   - 
   #     name: "Upload Sarif report as artifact"
-  #     uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 #4.3.1
+  #     uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 #4.3.3
   #     with:
   #       name: trivy-results
   #       path: trivy-results.sarif
@@ -219,15 +219,15 @@ jobs:
     if: inputs.run-frank-till-healthy-enabled
     needs: build
     steps:
-    - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         disable-sudo: true
         egress-policy: audit
         allowed-endpoints: >
           github.com:443
 
     - name: Download Docker tar
-      uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe #4.1.2
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e #4.1.7
       with:
         name: build-docker-image
 
@@ -237,7 +237,7 @@ jobs:
         docker load --input image.tar
 
     - name: Checkout
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7
       with:
         token: ${{ secrets.token }}
 

diff --git a/.github/workflows/docker-release-generic.yml b/.github/workflows/docker-release-generic.yml
@@ -48,21 +48,21 @@ jobs:
       image-digest: ${{ steps.build.outputs.digest }}
       image-metadata: ${{ steps.build.outputs.metadata }}
     steps:
-    - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
     - name: Checkout
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7
 
     - name: "Download Pre-build Artifacts"
-      uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe #4.1.2
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e #4.1.7
       with:
         pattern: pre-build-*
         merge-multiple: true
 
     - name: "Download Build Artifacts"
-      uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe #4.1.2
+      uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e #4.1.7
       with:
         pattern: build-*
         merge-multiple: true
@@ -85,7 +85,7 @@ jobs:
       uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 #3.0.0
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 #3.0.0
+      uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb #3.3.0
 
     - name: Login to Container Registry
       uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # 3.2.0
@@ -95,7 +95,7 @@ jobs:
 
     - name: Build and export Docker image
       id: build
-      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 #5.1.0
+      uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 #6.2.0
       with:
         context: .
         platforms: linux/amd64, linux/arm64

diff --git a/.github/workflows/docusaurus-release.yml b/.github/workflows/docusaurus-release.yml
@@ -30,12 +30,12 @@ jobs:
       pages: write
       id-token: write
     steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+      - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Set Up Node.js
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

diff --git a/.github/workflows/ff-version-auto-bumper.yml b/.github/workflows/ff-version-auto-bumper.yml
@@ -81,7 +81,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # 4.1.1
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # 4.1.7
       with: 
         fetch-depth: 0
 

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -9,12 +9,12 @@ jobs:
   actionlinter:
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+      - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7
 
       - name: Lint GitHub Actions
         uses: docker://rhysd/actionlint:1.7.1
@@ -27,12 +27,12 @@ jobs:
     needs: 
       - actionlinter
     steps:
-      - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+      - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #4.1.1
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 #4.1.7
         with:
           token: ${{ secrets.WEAREFRANK_BOT_PAT }}