refactor: bump default actions/runtime ref (#169)

* modules: re-generate gha modules with new actions/runtime ref

* refactor: bump default actions/runtime ref

daggerverse/actions/generator/generator.go

@@ -6,7 +6,7 @@ import (
  "strings"
 )
 
-const DefaultRuntimeRef = "01999763545556511d53a8649fb66ffe4e977d8f"
+const DefaultRuntimeRef = "c9b01b328a59ec6452eb451ebf0e9b2a1280a504"
 
 // ActionsGenerator generates dagger modules using Github Actions.
 type ActionsGenerator struct{}

daggerverse/gha/actions/hello-world-javascript-action/README.md

@@ -29,10 +29,10 @@ Replace `<module-path>` with the local path or a git repo reference to the modul
 
 | Flag | Required | Description | 
 | ------| ------| ------| 
+| --source | Conditional | The directory containing the repository source. Either `--source` or `--repo` must be provided; `--source` takes precedence. |
+| --repo | Conditional | The name of the repository (owner/name). Either `--source` or `--repo` must be provided; `--source` takes precedence. |
+| --tag | Conditional | Tag name to check out. Only works with `--repo`. Either `--tag` or `--branch` must be provided; `--tag` takes precedence. |
 | --branch | Conditional | Branch name to check out. Only works with `--repo`. Either `--tag` or `--branch` must be provided; `--tag` takes precedence. |
 | --runner-image | Optional | Image to use for the runner. |
 | --runner-debug | Optional | Enables debug mode. |
 | --token | Optional | GitHub token is optional for running the action. However, be aware that certain custom actions may require a token and could fail if it's not provided. |
-| --source | Conditional | The directory containing the repository source. Either `--source` or `--repo` must be provided; `--source` takes precedence. |
-| --repo | Conditional | The name of the repository (owner/name). Either `--source` or `--repo` must be provided; `--source` takes precedence. |
-| --tag | Conditional | Tag name to check out. Only works with `--repo`. Either `--tag` or `--branch` must be provided; `--tag` takes precedence. |

daggerverse/gha/actions/hello-world-javascript-action/dagger.json

@@ -2,6 +2,6 @@
  "name": "hello-world-javascript-action",
  "sdk": "go",
  "dependencies": [
- "github.com/aweris/gale/daggerverse/actions/runtime@01999763545556511d53a8649fb66ffe4e977d8f"
+ "github.com/aweris/gale/daggerverse/actions/runtime@c9b01b328a59ec6452eb451ebf0e9b2a1280a504"
  ]
 }

daggerverse/gha/aquasecurity/trivy-action/README.md

@@ -22,40 +22,40 @@ Replace `<module-path>` with the local path or a git repo reference to the modul
 
 | Name | Required | Description | Default | 
 | ------| ------| ------| ------| 
-| --with-timeout | false | timeout (default 5m0s) | |
-| --with-scanners | false | comma-separated list of what security issues to detect | |
-| --with-github-pat | false | GitHub Personal Access Token (PAT) for submitting SBOM to GitHub Dependency Snapshot API | |
-| --with-format | false | output format (table, json, template) | table |
-| --with-skip-dirs | false | comma separated list of directories where traversal is skipped | |
-| --with-cache-dir | false | specify where the cache is stored | |
-| --with-list-all-pkgs | false | output all packages regardless of vulnerability | false |
-| --with-input | false | reference of tar file to scan | |
-| --with-scan-ref | false | Scan reference | . |
+| --with-output | false | writes results to a file with the specified file name | |
+| --with-ignore-policy | false | filter vulnerabilities with OPA rego language | |
+| --with-trivy-config | false | path to trivy.yaml config | |
+| --with-limit-severities-for-sarif | false | limit severities for SARIF format | |
 | --with-exit-code | false | exit code when vulnerabilities were found | |
+| --with-ignore-unfixed | false | ignore unfixed vulnerabilities | false |
 | --with-severity | false | severities of vulnerabilities to be displayed | UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL |
+| --with-cache-dir | false | specify where the cache is stored | |
+| --with-hide-progress | false | hide progress output | |
 | --with-artifact-type | false | input artifact type (image, fs, repo, archive) for SBOM generation | |
-| --with-ignore-unfixed | false | ignore unfixed vulnerabilities | false |
-| --with-vuln-type | false | comma-separated list of vulnerability types (os,library) | os,library |
+| --with-input | false | reference of tar file to scan |  |
+| --with-scan-ref | false | Scan reference | . |
 | --with-template | false | use an existing template for rendering output (@/contrib/gitlab.tpl, @/contrib/junit.tpl, @/contrib/html.tpl) | |
-| --with-output | false | writes results to a file with the specified file name | |
-| --with-hide-progress | false | hide progress output | |
-| --with-trivyignores | false | comma-separated list of relative paths in repository to one or more .trivyignore files | |
-| --with-trivy-config | false | path to trivy.yaml config | |
-| --with-limit-severities-for-sarif | false | limit severities for SARIF format | |
-| --with-scan-type | false | Scan type to use for scanning vulnerability | image |
+| --with-skip-dirs | false | comma separated list of directories where traversal is skipped | |
+| --with-timeout | false | timeout (default 5m0s) | |
+| --with-list-all-pkgs | false | output all packages regardless of vulnerability | false |
 | --with-image-ref | false | image reference(for backward compatibility) | |
+| --with-vuln-type | false | comma-separated list of vulnerability types (os,library) | os,library |
 | --with-skip-files | false | comma separated list of files to be skipped | |
-| --with-ignore-policy | false | filter vulnerabilities with OPA rego language | |
+| --with-scanners | false | comma-separated list of what security issues to detect | |
+| --with-trivyignores | false | comma-separated list of relative paths in repository to one or more .trivyignore files | |
+| --with-github-pat | false | GitHub Personal Access Token (PAT) for submitting SBOM to GitHub Dependency Snapshot API | |
+| --with-scan-type | false | Scan type to use for scanning vulnerability | image |
+| --with-format | false | output format (table, json, template) | table |
 
 
 ### Action Runtime Inputs
 
 | Flag | Required | Description | 
 | ------| ------| ------| 
+| --tag | Conditional | Tag name to check out. Only works with `--repo`. Either `--tag` or `--branch` must be provided; `--tag` takes precedence. |
+| --branch | Conditional | Branch name to check out. Only works with `--repo`. Either `--tag` or `--branch` must be provided; `--tag` takes precedence. |
 | --runner-image | Optional | Image to use for the runner. |
 | --runner-debug | Optional | Enables debug mode. |
 | --token | Optional | GitHub token is optional for running the action. However, be aware that certain custom actions may require a token and could fail if it's not provided. |
 | --source | Conditional | The directory containing the repository source. Either `--source` or `--repo` must be provided; `--source` takes precedence. |
 | --repo | Conditional | The name of the repository (owner/name). Either `--source` or `--repo` must be provided; `--source` takes precedence. |
-| --tag | Conditional | Tag name to check out. Only works with `--repo`. Either `--tag` or `--branch` must be provided; `--tag` takes precedence. |
-| --branch | Conditional | Branch name to check out. Only works with `--repo`. Either `--tag` or `--branch` must be provided; `--tag` takes precedence. |

daggerverse/gha/aquasecurity/trivy-action/dagger.json

@@ -2,6 +2,6 @@
  "name": "trivy-action",
  "sdk": "go",
  "dependencies": [
- "github.com/aweris/gale/daggerverse/actions/runtime@01999763545556511d53a8649fb66ffe4e977d8f"
+ "github.com/aweris/gale/daggerverse/actions/runtime@c9b01b328a59ec6452eb451ebf0e9b2a1280a504"
  ]
 }

daggerverse/gha/aquasecurity/trivy-action/go.mod

@@ -1,6 +1,6 @@
 module trivy-action
 
-go 1.21.2
+go 1.21
 
 require (
  github.com/99designs/gqlgen v0.17.31

daggerverse/gha/trufflesecurity/trufflehog/README.md

@@ -32,10 +32,10 @@ Replace `<module-path>` with the local path or a git repo reference to the modul
 
 | Flag | Required | Description | 
 | ------| ------| ------| 
-| --runner-image | Optional | Image to use for the runner. |
-| --runner-debug | Optional | Enables debug mode. |
 | --token | Optional | GitHub token is optional for running the action. However, be aware that certain custom actions may require a token and could fail if it's not provided. |
 | --source | Conditional | The directory containing the repository source. Either `--source` or `--repo` must be provided; `--source` takes precedence. |
 | --repo | Conditional | The name of the repository (owner/name). Either `--source` or `--repo` must be provided; `--source` takes precedence. |
 | --tag | Conditional | Tag name to check out. Only works with `--repo`. Either `--tag` or `--branch` must be provided; `--tag` takes precedence. |
 | --branch | Conditional | Branch name to check out. Only works with `--repo`. Either `--tag` or `--branch` must be provided; `--tag` takes precedence. |
+| --runner-image | Optional | Image to use for the runner. |
+| --runner-debug | Optional | Enables debug mode. |

daggerverse/gha/trufflesecurity/trufflehog/dagger.json

@@ -2,6 +2,6 @@
  "name": "trufflehog",
  "sdk": "go",
  "dependencies": [
- "github.com/aweris/gale/daggerverse/actions/runtime@01999763545556511d53a8649fb66ffe4e977d8f"
+ "github.com/aweris/gale/daggerverse/actions/runtime@c9b01b328a59ec6452eb451ebf0e9b2a1280a504"
  ]
 }

go.work

@@ -6,6 +6,7 @@ use (
  daggerverse/actions/runtime
  daggerverse/gale
  daggerverse/gha/actions/hello-world-javascript-action
+ daggerverse/gha/aquasecurity/trivy-action
  daggerverse/gha/trufflesecurity/trufflehog
  daggerverse/repo
  daggerverse/source