From 7ea2973968c9009d57b976180244439aa8081c2f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Nov 2024 12:31:14 +0100
Subject: [PATCH 1/6] build(deps): bump docker/build-push-action from 6.9.0 to 6.10.0 (#734)

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.9.0 to 6.10.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/4f58ea79222b3b9dc2c8bbdd6debcef730109a75...48aba3b46d1b1fec4febb7c5d0c644b249a11355)
---
updated-dependencies:
- dependency-name: docker/build-push-action
 dependency-type: direct:production
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/publish_container.yml | 2 +-
 .github/workflows/publish_docker_dev.yml | 2 +-
 .github/workflows/test_docker_build.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish_container.yml b/.github/workflows/publish_container.yml
index f7d8f990..36eb5761 100644
--- a/.github/workflows/publish_container.yml
+++ b/.github/workflows/publish_container.yml
@@ -46,7 +46,7 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Build and push
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
+ uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
 with:
 context: .
 push: true
diff --git a/.github/workflows/publish_docker_dev.yml b/.github/workflows/publish_docker_dev.yml
index 063e374d..77cc6fdc 100644
--- a/.github/workflows/publish_docker_dev.yml
+++ b/.github/workflows/publish_docker_dev.yml
@@ -39,7 +39,7 @@ jobs:
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Build and push
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
+ uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
 with:
 context: .
 push: true
diff --git a/.github/workflows/test_docker_build.yml b/.github/workflows/test_docker_build.yml
index 1786ed33..7124df14 100644
--- a/.github/workflows/test_docker_build.yml
+++ b/.github/workflows/test_docker_build.yml
@@ -21,7 +21,7 @@ jobs:
 uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
 - name: Build and push
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
+ uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
 with:
 context: .
 push: false
From cfd1e9f0c507019e120e380927900b64112b1ea9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Nov 2024 12:31:26 +0100
Subject: [PATCH 2/6] build(deps): bump github/codeql-action from 3.26.13 to 3.27.5 (#732)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f779452ac5af1c261dce0346a8f964149f49322b...f09c1c0a94de965c15400f5634aa42fac8fb8f88)
---
updated-dependencies:
- dependency-name: github/codeql-action
 dependency-type: direct:production
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/scorecard.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index c8014550..0b0f1464 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -68,6 +68,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard (optional).
 # Commenting out will disable upload of results to your repo's Code Scanning dashboard
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+ uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
 with:
 sarif_file: results.sarif
From 6c5cabc2512fcacbdb1ccd1864252703748c9b93 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Nov 2024 12:31:35 +0100
Subject: [PATCH 3/6] build(deps): bump codecov/codecov-action from 4.6.0 to 5.0.7 (#731)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.7.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238...015f24e6818733317a2da2edd6290ab26238649a)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
 dependency-type: direct:production
 update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c7572d7d..60221e3b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,7 +27,7 @@ jobs:
 run: tox -r
 - name: Codecov
- uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238
+ uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a
 with:
 files: coverage.xml
 fail_ci_if_error: false
From d2ecfb7cf4f1407b89117eaf366d547b4aa15afa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Nov 2024 12:31:43 +0100
Subject: [PATCH 4/6] build(deps): bump softprops/action-gh-release from 2.0.8 to 2.1.0 (#725)

Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.8 to 2.1.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/c062e08bd532815e2082a85e87e3ef29c3e6d191...01570a1f39cb168c169c802c3bceb9e93fb10974)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
 dependency-type: direct:production
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/cd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 7844c8fe..114e7436 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -69,7 +69,7 @@ jobs:
 docker push ghcr.io/repository-service-tuf/repository-service-tuf-api:latest
 - name: Publish GitHub Release
- uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191
+ uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974
 with:
 name: ${{ github.ref_name }}
 tag_name: ${{ github.ref }}
From c25cadb498e4a4906379e12f3ed0d3d9c167543c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Nov 2024 12:31:54 +0100
Subject: [PATCH 5/6] build(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#721)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683)
---
updated-dependencies:
- dependency-name: actions/checkout
 dependency-type: direct:production
 update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/ci.yml | 2 +-
 .github/workflows/functional-tests.yml | 8 ++++----
 .github/workflows/publish_container.yml | 2 +-
 .github/workflows/publish_docker_dev.yml | 2 +-
 .github/workflows/scorecard.yml | 2 +-
 .github/workflows/test_docker_build.yml | 2 +-
 .github/workflows/update-pre-commit-hooks.yml | 2 +-
 .github/workflows/update-python-deps.yml | 2 +-
 8 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 60221e3b..2db649f6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
 python-versions: [ "3.12" ]
 steps:
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
 with:
 python-version: ${{ matrix.python-versions }}
diff --git a/.github/workflows/functional-tests.yml b/.github/workflows/functional-tests.yml
index 46e5c076..cf1f0bf3 100644
--- a/.github/workflows/functional-tests.yml
+++ b/.github/workflows/functional-tests.yml
@@ -57,10 +57,10 @@ jobs:
 steps:
 - name: Checkout RSTUF API source code
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - name: Checkout RSTUF Umbrella (FT)
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 with:
 repository: repository-service-tuf/repository-service-tuf
 path: rstuf-umbrella
@@ -86,10 +86,10 @@ jobs:
 steps:
 - name: Checkout RSTUF API source code
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - name: Checkout RSTUF Umbrella (FT)
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 with:
 repository: repository-service-tuf/repository-service-tuf
 path: rstuf-umbrella
diff --git a/.github/workflows/publish_container.yml b/.github/workflows/publish_container.yml
index 36eb5761..dc33f13c 100644
--- a/.github/workflows/publish_container.yml
+++ b/.github/workflows/publish_container.yml
@@ -22,7 +22,7 @@ jobs:
 steps:
 - name: Checkout release tag
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 with:
 fetch-depth: 0
 ref: ${{ inputs.image_version }}
diff --git a/.github/workflows/publish_docker_dev.yml b/.github/workflows/publish_docker_dev.yml
index 77cc6fdc..2b50908a 100644
--- a/.github/workflows/publish_docker_dev.yml
+++ b/.github/workflows/publish_docker_dev.yml
@@ -20,7 +20,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
 with:
 python-version: '3.12'
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 0b0f1464..96802ca8 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -32,7 +32,7 @@ jobs:
 steps:
 - name: "Checkout code"
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
 persist-credentials: false
diff --git a/.github/workflows/test_docker_build.yml b/.github/workflows/test_docker_build.yml
index 7124df14..8086000e 100644
--- a/.github/workflows/test_docker_build.yml
+++ b/.github/workflows/test_docker_build.yml
@@ -9,7 +9,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
 with:
 python-version: '3.12'
diff --git a/.github/workflows/update-pre-commit-hooks.yml b/.github/workflows/update-pre-commit-hooks.yml
index 0ae65893..742f1b6c 100644
--- a/.github/workflows/update-pre-commit-hooks.yml
+++ b/.github/workflows/update-pre-commit-hooks.yml
@@ -8,7 +8,7 @@ jobs:
 update-pre-commit-hooks:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
 with:
 python-version: "3.12"
diff --git a/.github/workflows/update-python-deps.yml b/.github/workflows/update-python-deps.yml
index 324303e6..4c68a7ba 100644
--- a/.github/workflows/update-python-deps.yml
+++ b/.github/workflows/update-python-deps.yml
@@ -10,7 +10,7 @@ jobs:
 matrix:
 python-versions: ["3.12"]
 steps:
- - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
 with:
 python-version: ${{ matrix.python-versions }}
From ef245ca24b28c0bf501f524e692634c559268770 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 27 Nov 2024 12:32:07 +0100
Subject: [PATCH 6/6] build(deps): bump isbang/compose-action from 2.0.1 to 2.0.2 (#700)

Bumps [isbang/compose-action](https://github.com/isbang/compose-action) from 2.0.1 to 2.0.2.
- [Release notes](https://github.com/isbang/compose-action/releases)
- [Commits](https://github.com/isbang/compose-action/compare/e5813a5909aca4ae36058edae58f6e52b9c971f8...f1ca7fefe3627c2dab0ae1db43a106d82740245e)
---
updated-dependencies:
- dependency-name: isbang/compose-action
 dependency-type: direct:production
 update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/functional-tests.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/functional-tests.yml b/.github/workflows/functional-tests.yml
index cf1f0bf3..18d5155b 100644
--- a/.github/workflows/functional-tests.yml
+++ b/.github/workflows/functional-tests.yml
@@ -67,7 +67,7 @@ jobs:
 ref: ${{ inputs.umbrella_branch }}
 - name: Deploy RSTUF with API container from source code
- uses: isbang/compose-action@e5813a5909aca4ae36058edae58f6e52b9c971f8
+ uses: isbang/compose-action@f1ca7fefe3627c2dab0ae1db43a106d82740245e
 with:
 compose-file: ${{ inputs.docker_compose }}
 env:
@@ -96,7 +96,7 @@ jobs:
 ref: ${{ inputs.umbrella_branch }}
 - name: Deploy RSTUF with API container from source code
- uses: isbang/compose-action@e5813a5909aca4ae36058edae58f6e52b9c971f8
+ uses: isbang/compose-action@f1ca7fefe3627c2dab0ae1db43a106d82740245e
 with:
 compose-file: ${{ inputs.docker_compose }}
 env: