From 27a160d136148f9fe84a72f4f99b33c58508d740 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Mar 2025 11:56:03 +0000 Subject: [PATCH] ci: bump the github-actions group with 4 updates (#16966) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps the github-actions group with 4 updates: [docker/login-action](https://github.com/docker/login-action), [tj-actions/changed-files](https://github.com/tj-actions/changed-files), [nix-community/cache-nix-action](https://github.com/nix-community/cache-nix-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `docker/login-action` from 3.3.0 to 3.4.0
Release notes

Sourced from docker/login-action's releases.

v3.4.0

Full Changelog: https://github.com/docker/login-action/compare/v3.3.0...v3.4.0

Commits

Updates `tj-actions/changed-files` from dcc7a0cba800f454d79fff4b993e8c3555bcc0a8 to 531f5f7d163941f0c1c04e0ff4d8bb243ac4366f
Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

46.0.1 - (2025-03-16)

🔄 Update

Co-authored-by: github-actions[bot] (2f7c5bf) - (github-actions[bot])

46.0.0 - (2025-03-16)

🐛 Bug Fixes

➖ Remove

🔄 Update

Co-authored-by: github-actions[bot] (5cbf220) - (github-actions[bot])

📚 Documentation

45.0.9 - (2025-03-15)

🐛 Bug Fixes

⚙️ Miscellaneous Tasks

... (truncated)

Commits

Updates `nix-community/cache-nix-action` from 6.1.1 to 6.1.2
Release notes

Sourced from nix-community/cache-nix-action's releases.

v6.1.2

Fixes

Commits

Updates `aquasecurity/trivy-action` from 0.29.0 to 0.30.0
Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.30.0

What's Changed

New Contributors

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.29.0...0.30.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 2 +- .github/workflows/docker-base.yaml | 2 +- .github/workflows/docs-ci.yaml | 2 +- .github/workflows/dogfood.yaml | 4 ++-- .github/workflows/pr-deploy.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/security.yaml | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 9c3e335103..ee97e675cb 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1045,7 +1045,7 @@ jobs: fetch-depth: 0 - name: GHCR Login - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/docker-base.yaml b/.github/workflows/docker-base.yaml index 6ec4c6f7fc..d318c16d92 100644 --- a/.github/workflows/docker-base.yaml +++ b/.github/workflows/docker-base.yaml @@ -46,7 +46,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Docker login - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/docs-ci.yaml b/.github/workflows/docs-ci.yaml index 37e8c56268..5a42654e15 100644 --- a/.github/workflows/docs-ci.yaml +++ b/.github/workflows/docs-ci.yaml @@ -28,7 +28,7 @@ jobs: - name: Setup Node uses: ./.github/actions/setup-node - - uses: tj-actions/changed-files@dcc7a0cba800f454d79fff4b993e8c3555bcc0a8 # v45.0.7 + - uses: tj-actions/changed-files@531f5f7d163941f0c1c04e0ff4d8bb243ac4366f # v45.0.7 id: changed-files with: files: | diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index a945535c06..a984f0e424 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml @@ -37,7 +37,7 @@ jobs: - name: Setup Nix uses: nixbuild/nix-quick-install-action@5bb6a3b3abe66fd09bbf250dce8ada94f856a703 # v30 - - uses: nix-community/cache-nix-action@aee88ae5efbbeb38ac5d9862ecbebdb404a19e69 # v6.1.1 + - uses: nix-community/cache-nix-action@c448f065ba14308da81de769632ca67a3ce67cf5 # v6.1.2 with: # restore and save a cache using this key primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} @@ -76,7 +76,7 @@ jobs: - name: Login to DockerHub if: github.ref == 'refs/heads/main' - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 19bad3fc77..b8b6705fe0 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -237,7 +237,7 @@ jobs: uses: ./.github/actions/setup-sqlc - name: GHCR Login - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index b108409dda..fbb86d7aaf 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -208,7 +208,7 @@ jobs: cat "$CODER_RELEASE_NOTES_FILE" - name: Docker Login - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 03ee574b90..3b90616f84 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -136,7 +136,7 @@ jobs: echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 + uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 with: image-ref: ${{ steps.build.outputs.image }} format: sarif