From 3d84d5219a3f2e1a211d31eebc05dc1c90850aa3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 09:45:39 +0000 Subject: [PATCH] build(deps): Bump the actions group across 1 directory with 11 updates Bumps the actions group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.7` | `4.2.1` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.1.0` | `6.1.1` | | [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.54.0` | `1.57.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.6.0` | `3.7.0` | | [theupdateframework/tuf-on-ci](https://github.com/theupdateframework/tuf-on-ci) | `0.12.0` | `0.13.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.6` | `4.4.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.0.3` | `4.0.4` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.2.2` | `4.4.0` | | [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.4` | `2.1.6` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.17.1` | `0.17.2` | | [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.1.1` | Updates `actions/checkout` from 4.1.7 to 4.2.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871) Updates `golangci/golangci-lint-action` from 6.1.0 to 6.1.1 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/aaa42aa0628b4ae2578232a66b541047968fac86...971e284b6050e8a5849b72094c50ab08da042db8) Updates `reviewdog/action-actionlint` from 1.54.0 to 1.57.0 
- [Release notes](https://github.com/reviewdog/action-actionlint/releases) - [Commits](https://github.com/reviewdog/action-actionlint/compare/4f8f9963ca57a41e5fd5b538dd79dbfbd3e0b38a...7eeec1dd160c2301eb28e1568721837d084558ad) Updates `sigstore/cosign-installer` from 3.6.0 to 3.7.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/4959ce089c160fddf62f7b42464195ba1a56d382...dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da) Updates `theupdateframework/tuf-on-ci` from 0.12.0 to 0.13.0 - [Release notes](https://github.com/theupdateframework/tuf-on-ci/releases) - [Changelog](https://github.com/theupdateframework/tuf-on-ci/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/theupdateframework/tuf-on-ci/compare/89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a...27c49c016591c7cfea57f6b15296f714a5c4a5f6) Updates `actions/upload-artifact` from 4.3.6 to 4.4.2 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/834a144ee995460fba8ed112a2fc961b36a5ec5a...84480863f228bb9747b473957fcc9e309aa96097) Updates `actions/setup-node` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/1e60f620b9541d16bece96c5465dc8ee9832be0b...0a44ba7841725637a19e28fa30b79a866c81b0a6) Updates `actions/setup-java` from 4.2.2 to 4.4.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/6a0805fcefea3d4657a47ac4c165951e33482018...b36c23c0d998641eff861008f374ee103c25ac73) Updates `google-github-actions/auth` from 2.1.4 to 2.1.6 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - 
[Commits](https://github.com/google-github-actions/auth/compare/f112390a2df9932162083945e46d439060d66ec2...8254fb75a33b976a221574d287e93919e6a36f70) Updates `anchore/sbom-action` from 0.17.1 to 0.17.2 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](https://github.com/anchore/sbom-action/compare/ab9d16d4b419c9d1a02df5213fa0ebe965ca5a57...61119d458adab75f756bc0b9e4bde25725f86a7a) Updates `actions/cache` from 4.0.2 to 4.1.1 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0c45773b623bea8c8e75f6c82b208c3cf94ea4f9...3624ceb22c1c5a301c8db4169662070a689d9ea8) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: reviewdog/action-actionlint dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: theupdateframework/tuf-on-ci dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: google-github-actions/auth dependency-type: direct:production 
update-type: version-update:semver-patch dependency-group: actions - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot]
---
 .github/workflows/ci-test.yml | 16 ++++++++--------
 .github/workflows/cosign-test.yml | 4 ++--
 .github/workflows/create-signing-events.yml | 4 ++--
 .github/workflows/custom-test.yml | 10 +++++-----
 .github/workflows/delegation-pop-verify.yml | 2 +-
 .github/workflows/deploy-to-gcs.yml | 2 +-
 .github/workflows/initialize.yml | 10 +++++-----
 .github/workflows/online-sign.yml | 4 ++--
 .github/workflows/publish.yml | 4 ++--
 .github/workflows/release.yml | 6 +++---
 .../workflows/reuseable-snapshot-timestamp.yml | 8 ++++----
 .github/workflows/review-snapshot-timestamp.yml | 2 +-
 .github/workflows/signing-event.yml | 2 +-
 .github/workflows/stable-snapshot-timestamp.yml | 2 +-
 .github/workflows/stable-timestamp.yml | 2 +-
 .github/workflows/sync-ceremony-to-main.yml | 2 +-
 .../workflows/sync-main-to-preprod-and-prod.yml | 4 ++--
 .github/workflows/sync-main-to-preprod.yml | 4 ++--
 .github/workflows/sync-preprod-to-prod.yml | 2 +-
 .github/workflows/test-gcs.yml | 6 +++---
 .github/workflows/test.yml | 6 +++---
 .github/workflows/tuf_client_tests.yml | 8 ++++----
 .github/workflows/validate.yml | 2 +-
 23 files changed, 56 insertions(+), 56 deletions(-)
diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml
index 46e5e7eb..a9067e41 100644
--- a/.github/workflows/ci-test.yml
+++ b/.github/workflows/ci-test.yml
@@ -28,20 +28,20 @@ jobs:
 name: lint
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
 with:
 go-version-file: './go.mod'
 check-latest: true
 - name: golangci-lint
- uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
+ uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
 with:
 version: v1.59
 yamllint:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Set up Python
 uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
 with:
@@ -58,9 +58,9 @@ jobs:
 actionlint:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Check workflow files
- uses: reviewdog/action-actionlint@4f8f9963ca57a41e5fd5b538dd79dbfbd3e0b38a # v1.54.0
+ uses: reviewdog/action-actionlint@7eeec1dd160c2301eb28e1568721837d084558ad # v1.57.0
 # TODO(asraa): Re-enable shellcheck from actionlint
 with:
 actionlint_flags: -color -shellcheck=
@@ -68,7 +68,7 @@ jobs:
 test:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
 with:
 go-version-file: './go.mod'
@@ -84,7 +84,7 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
 with:
 go-version-file: './go.mod'
@@ -103,7 +103,7 @@ jobs:
 name: Shellcheck
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Run ShellCheck
 uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
 env:
diff --git a/.github/workflows/cosign-test.yml b/.github/workflows/cosign-test.yml
index fe792b58..cb85e0fd 100644
--- a/.github/workflows/cosign-test.yml
+++ b/.github/workflows/cosign-test.yml
@@ -29,13 +29,13 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 # Install cosign
- - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+ - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
 # Set up a repository server with python
 - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
 with:
 python-version: '3.x'
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 2
 - run: |
diff --git a/.github/workflows/create-signing-events.yml b/.github/workflows/create-signing-events.yml
index 6dfce059..b1239f1d 100644
--- a/.github/workflows/create-signing-events.yml
+++ b/.github/workflows/create-signing-events.yml
@@ -16,7 +16,7 @@ jobs:
 actions: 'write' # for dispatching signing event workflow
 steps:
 - name: Create signing events for offline version bumps
- uses: theupdateframework/tuf-on-ci/actions/create-signing-events@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/create-signing-events@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 token: ${{ secrets.TUF_ON_CI_TOKEN || secrets.GITHUB_TOKEN }}
@@ -28,7 +28,7 @@ jobs:
 issues: 'write' # for modifying Issues
 steps:
 - name: Update the issue for the workflow
- uses: theupdateframework/tuf-on-ci/actions/update-issue@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/update-issue@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 token: ${{ secrets.TUF_ON_CI_TOKEN || secrets.GITHUB_TOKEN }}
 success: ${{ !contains(needs.*.result, 'failure') }}
diff --git a/.github/workflows/custom-test.yml b/.github/workflows/custom-test.yml
index 29cb91af..b081ef40 100644
--- a/.github/workflows/custom-test.yml
+++ b/.github/workflows/custom-test.yml
@@ -42,7 +42,7 @@ jobs:
 python -m sigstore verify github --cert-identity $IDENTITY --bundle artifact.sigstore.json artifact
 - name: Upload the bundle for other clients to verify
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+ uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
 with:
 name: bundle
 path: artifact.sigstore.json
@@ -51,7 +51,7 @@ jobs:
 cosign:
 runs-on: ubuntu-latest
 steps:
- - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+ - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
 - name: Download initial root
 run: curl -o root.json ${METADATA_URL}/1.root.json
@@ -111,7 +111,7 @@ jobs:
 runs-on: ubuntu-latest
 needs: [sigstore-python]
 steps:
- - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
 - name: Install sigstore-js
 run: npm install -g @sigstore/cli
@@ -141,7 +141,7 @@ jobs:
 needs: [sigstore-python]
 steps:
 - name: Set up JDK
- uses: actions/setup-java@6a0805fcefea3d4657a47ac4c165951e33482018 # v4.2.2
+ uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # v4.4.0
 with:
 java-version: 17
 distribution: 'temurin'
@@ -149,7 +149,7 @@ jobs:
 - name: Setup Gradle
 uses: gradle/actions/setup-gradle@v4
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 repository: "sigstore/sigstore-java"
 fetch-tags: true
diff --git a/.github/workflows/delegation-pop-verify.yml b/.github/workflows/delegation-pop-verify.yml
index 50a43bb4..d80e2c11 100644
--- a/.github/workflows/delegation-pop-verify.yml
+++ b/.github/workflows/delegation-pop-verify.yml
@@ -34,7 +34,7 @@ jobs:
 PR_NUMBER: ${{ github.event.pull_request.number }}
 steps:
 - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
diff --git a/.github/workflows/deploy-to-gcs.yml b/.github/workflows/deploy-to-gcs.yml
index e9596b60..850c1273 100644
--- a/.github/workflows/deploy-to-gcs.yml
+++ b/.github/workflows/deploy-to-gcs.yml
@@ -23,7 +23,7 @@ jobs:
 tar --directory repository -xvf artifact.tar
 # NOTE: This gcloud project/account is NOT the tuf-on-ci online signing account
- - uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4
+ - uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
 with:
 token_format: access_token
 workload_identity_provider: projects/306323169285/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider
diff --git a/.github/workflows/initialize.yml b/.github/workflows/initialize.yml
index 2280d1a6..24a5847e 100644
--- a/.github/workflows/initialize.yml
+++ b/.github/workflows/initialize.yml
@@ -44,7 +44,7 @@ jobs:
 check_branch:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
 - name: Check if remote branch exists
@@ -64,7 +64,7 @@ jobs:
 permissions:
 id-token: 'write'
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
 # TODO(https://github.com/sigstore/root-signing/issues/98): Use a common configuration checked into source control
@@ -82,7 +82,7 @@ jobs:
 go-version-file: './go.mod'
 check-latest: true
 # Setup OIDC->SA auth for signing with KMS
- - uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4
+ - uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
 id: auth
 with:
 token_format: 'access_token'
@@ -108,7 +108,7 @@ jobs:
 run: |
 ./scripts/step-1.5.sh ${{ inputs.revoke_key }}
 - name: Upload new repository
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+ uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
 with:
 name: ${{ inputs.repo }}
 path: ${{ inputs.repo }}
@@ -121,7 +121,7 @@ jobs:
 pull-requests: 'write'
 contents: 'write'
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 ref: ${{ inputs.branch }}
 fetch-depth: 0
diff --git a/.github/workflows/online-sign.yml b/.github/workflows/online-sign.yml
index 92d1c1f2..7a82b36e 100644
--- a/.github/workflows/online-sign.yml
+++ b/.github/workflows/online-sign.yml
@@ -20,7 +20,7 @@ jobs:
 actions: 'write' # for dispatching publish workflow
 steps:
 - id: online-sign
- uses: theupdateframework/tuf-on-ci/actions/online-sign@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/online-sign@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 token: ${{ secrets.TUF_ON_CI_TOKEN || secrets.GITHUB_TOKEN }}
 gcp_workload_identity_provider: 'projects/163070369698/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-provider'
@@ -35,7 +35,7 @@ jobs:
 issues: 'write' # for modifying Issues
 steps:
 - name: Update the issue for the workflow
- uses: theupdateframework/tuf-on-ci/actions/update-issue@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/update-issue@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 token: ${{ secrets.TUF_ON_CI_TOKEN || secrets.GITHUB_TOKEN }}
 success: ${{ !contains(needs.*.result, 'failure') }}
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index f46eeded..1d8ff9f4 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -16,7 +16,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - id: build-and-upload-repository
- uses: theupdateframework/tuf-on-ci/actions/upload-repository@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/upload-repository@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 gh_pages: true
 ref: ${{ inputs.ref }}
@@ -67,7 +67,7 @@ jobs:
 issues: 'write' # for modifying Issues
 steps:
 - name: Update the issue for the workflow
- uses: theupdateframework/tuf-on-ci/actions/update-issue@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/update-issue@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 token: ${{ secrets.TUF_ON_CI_TOKEN || secrets.GITHUB_TOKEN }}
 success: ${{ !contains(needs.*.result, 'failure') }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 834d1b17..4ae46fa4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -31,15 +31,15 @@ jobs:
 outputs:
 hashes: ${{ steps.hash.outputs.hashes }}
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
 with:
 go-version-file: './go.mod'
 check-latest: true
- - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- - uses: anchore/sbom-action/download-syft@ab9d16d4b419c9d1a02df5213fa0ebe965ca5a57 # v0.17.1
+ - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+ - uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
 - uses: imjasonh/setup-ko@3aebd0597dc1e9d1a26bcfdb7cbeb19c131d3037 # v0.7
 - name: Set LDFLAGS
diff --git a/.github/workflows/reuseable-snapshot-timestamp.yml b/.github/workflows/reuseable-snapshot-timestamp.yml
index c0a9f1e3..ee7adf90 100644
--- a/.github/workflows/reuseable-snapshot-timestamp.yml
+++ b/.github/workflows/reuseable-snapshot-timestamp.yml
@@ -73,7 +73,7 @@ jobs:
 permissions:
 id-token: 'write'
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
 ref: ${{ inputs.branch }}
@@ -91,7 +91,7 @@ jobs:
 go-version-file: './go.mod'
 check-latest: true
 # Setup OIDC->SA auth
- - uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4
+ - uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
 id: auth
 with:
 token_format: 'access_token'
@@ -141,7 +141,7 @@ jobs:
 git format-patch HEAD^ -o snapshot-timestamp
 - name: Upload snapshot and timestamp
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+ uses: actions/upload-artifact@84480863f228bb9747b473957fcc9e309aa96097 # v4.4.2
 with:
 name: snapshot-timestamp
 path: snapshot-timestamp
@@ -178,7 +178,7 @@ jobs:
 pull-requests: 'write'
 contents: 'write'
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
 ref: ${{ inputs.branch }}
diff --git a/.github/workflows/review-snapshot-timestamp.yml b/.github/workflows/review-snapshot-timestamp.yml
index f5491882..8f9e926c 100644
--- a/.github/workflows/review-snapshot-timestamp.yml
+++ b/.github/workflows/review-snapshot-timestamp.yml
@@ -33,7 +33,7 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.SIGSTORE_REVIEW_BOT_FINE_GRAINED_PAT }}
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - run: |
 set -euo pipefail
 ./.github/workflows/scripts/review-pull-request.sh
diff --git a/.github/workflows/signing-event.yml b/.github/workflows/signing-event.yml
index b5d9615c..b451408e 100644
--- a/.github/workflows/signing-event.yml
+++ b/.github/workflows/signing-event.yml
@@ -19,6 +19,6 @@ jobs:
 steps:
 - name: Signing event
- uses: theupdateframework/tuf-on-ci/actions/signing-event@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/signing-event@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 token: ${{ secrets.TUF_ON_CI_TOKEN || secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/stable-snapshot-timestamp.yml b/.github/workflows/stable-snapshot-timestamp.yml
index 4f765680..5ae59d32 100644
--- a/.github/workflows/stable-snapshot-timestamp.yml
+++ b/.github/workflows/stable-snapshot-timestamp.yml
@@ -50,7 +50,7 @@ jobs:
 env:
 FORCE_SNAPSHOT: ${{ inputs.force_snapshot }}
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
 - name: Determine whether to run a snapshot/timestamp
diff --git a/.github/workflows/stable-timestamp.yml b/.github/workflows/stable-timestamp.yml
index fd5f643c..6fd89fd1 100644
--- a/.github/workflows/stable-timestamp.yml
+++ b/.github/workflows/stable-timestamp.yml
@@ -44,7 +44,7 @@ jobs:
 env:
 FORCE_TIMESTAMP: ${{ inputs.force_timestamp }}
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
 - name: Determine whether to create a timestamp
diff --git a/.github/workflows/sync-ceremony-to-main.yml b/.github/workflows/sync-ceremony-to-main.yml
index b239d860..59cfe94a 100644
--- a/.github/workflows/sync-ceremony-to-main.yml
+++ b/.github/workflows/sync-ceremony-to-main.yml
@@ -44,7 +44,7 @@ jobs:
 contents: 'write'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
 ref: ${{ github.event.repository.default_branch }}
diff --git a/.github/workflows/sync-main-to-preprod-and-prod.yml b/.github/workflows/sync-main-to-preprod-and-prod.yml
index 5b4c680c..f83df897 100644
--- a/.github/workflows/sync-main-to-preprod-and-prod.yml
+++ b/.github/workflows/sync-main-to-preprod-and-prod.yml
@@ -42,7 +42,7 @@ jobs:
 permissions:
 id-token: 'write'
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
@@ -50,7 +50,7 @@ jobs:
 go-version-file: './go.mod'
 check-latest: true
 # Setup OIDC->SA auth
- - uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4
+ - uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
 id: auth
 with:
 token_format: 'access_token'
diff --git a/.github/workflows/sync-main-to-preprod.yml b/.github/workflows/sync-main-to-preprod.yml
index 4c3be18e..1ce4dedf 100644
--- a/.github/workflows/sync-main-to-preprod.yml
+++ b/.github/workflows/sync-main-to-preprod.yml
@@ -36,7 +36,7 @@ jobs:
 id-token: 'write'
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 0
 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
@@ -44,7 +44,7 @@ jobs:
 go-version-file: './go.mod'
 check-latest: true
 # Setup OIDC->SA auth
- - uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4
+ - uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
 id: auth
 with:
 token_format: 'access_token'
diff --git a/.github/workflows/sync-preprod-to-prod.yml b/.github/workflows/sync-preprod-to-prod.yml
index 5cfe94a0..23af47f4 100644
--- a/.github/workflows/sync-preprod-to-prod.yml
+++ b/.github/workflows/sync-preprod-to-prod.yml
@@ -26,7 +26,7 @@ jobs:
 id-token: 'write'
 steps:
 # Setup OIDC->SA auth
- - uses: google-github-actions/auth@f112390a2df9932162083945e46d439060d66ec2 # v2.1.4
+ - uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
 id: auth
 with:
 token_format: 'access_token'
diff --git a/.github/workflows/test-gcs.yml b/.github/workflows/test-gcs.yml
index 4c1d7a08..0fa6b3d1 100644
--- a/.github/workflows/test-gcs.yml
+++ b/.github/workflows/test-gcs.yml
@@ -13,13 +13,13 @@ jobs:
 smoke-test:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Set initial root for the smoke test
 run: cp metadata/root_history/5.root.json ./root.json
 - name: Smoke test Sigstore TUF repository with a TUF client
- uses: theupdateframework/tuf-on-ci/actions/test-repository@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/test-repository@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 metadata_url: https://tuf-repo-cdn.sigstore.dev/
 valid_days: 3
@@ -41,7 +41,7 @@ jobs:
 issues: 'write' # for modifying Issues
 steps:
 - name: Update the issue for the workflow
- uses: theupdateframework/tuf-on-ci/actions/update-issue@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/update-issue@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 token: ${{ secrets.TUF_ON_CI_TOKEN || secrets.GITHUB_TOKEN }}
 success: ${{ !contains(needs.*.result, 'failure') }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 950da4ff..59c0c2d3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -13,13 +13,13 @@ jobs:
 smoke-test:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Set initial root for the smoke test
 run: cp metadata/root_history/5.root.json ./root.json
 - name: Smoke test TUF-on-CI repository with a TUF client
- uses: theupdateframework/tuf-on-ci/actions/test-repository@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/test-repository@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 metadata_url: https://sigstore.github.io/root-signing/
 update_base_url: https://tuf-repo-cdn.sigstore.dev/
@@ -42,7 +42,7 @@ jobs:
 issues: 'write' # for modifying Issues
 steps:
 - name: Update the issue for the workflow
- uses: theupdateframework/tuf-on-ci/actions/update-issue@89d2dad3c8b626dde7a9e65b036ca35d11ab8b2a # v0.12.0
+ uses: theupdateframework/tuf-on-ci/actions/update-issue@27c49c016591c7cfea57f6b15296f714a5c4a5f6 # v0.13.0
 with:
 token: ${{ secrets.TUF_ON_CI_TOKEN || secrets.GITHUB_TOKEN }}
 success: ${{ !contains(needs.*.result, 'failure') }}
diff --git a/.github/workflows/tuf_client_tests.yml b/.github/workflows/tuf_client_tests.yml
index 88f1fc95..4b421ee3 100644
--- a/.github/workflows/tuf_client_tests.yml
+++ b/.github/workflows/tuf_client_tests.yml
@@ -30,7 +30,7 @@ jobs:
 - uses: actions/setup-python@v5
 with:
 python-version: '3.x'
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 2
 - run: |
@@ -55,7 +55,7 @@ jobs:
 go run ./tests/client-tests list http://localhost:8001
 # Test with rust client
 - name: Configure cargo cache
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9
+ uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8
 with:
 path: |
 /tmp/tuftool-target
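Review bot: The new `actions/cache` pin in the `@@ -55,7 +55,7 @@` hunk of tuf_client_tests.yml carries no trailing version comment, unlike every other SHA-pinned step in this patch, so the file alone does not say which release the hash is meant to be. The commit description lists this bump as 4.0.2 to 4.1.1, so the line would read `uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1`, which also lets a reviewer compare the hash against the upstream tag. Context lines show `actions/setup-python@v5` in this same file and `gradle/actions/setup-gradle@v4` in custom-test.yml still referenced by mutable tag; this grouped bump leaves them as they are, and pinning them to commit SHAs would match the rest of the workflows. The step's `with:` block appears to continue past the end of the hunk.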
@@ -82,9 +82,9 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 - name: Setup node
- uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+ uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
 with:
 node-version: 20
 - name: Install tufjs/cli
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index e05144db..893919eb 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -26,7 +26,7 @@ jobs:
 validate:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 with:
 fetch-depth: 2
 - run: |