From 6db2f8c6b060b543bb6d53522d4c9a89a8b64041 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2026 17:05:03 +0000 Subject: [PATCH] Bump the github-actions group across 1 directory with 18 updates Bumps the github-actions group with 18 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.3` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.3.0` | `4.1.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.8.0` | `4.1.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `4.2.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.6.1` | `6.1.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.13.0` | `7.2.0` | | [imranismail/setup-kustomize](https://github.com/imranismail/setup-kustomize) | `2.1.0` | `3.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.0` | `7.0.1` | | [azure/setup-helm](https://github.com/azure/setup-helm) | `4.2.0` | `5.0.0` | | [nolar/setup-k3d-k3s](https://github.com/nolar/setup-k3d-k3s) | `1.0.9` | `1.1.0` | | [nick-fields/retry](https://github.com/nick-fields/retry) | `3.0.0` | `4.0.0` | | [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `4.2.0` | `5.3.0` | | [fairwindsops/pluto](https://github.com/fairwindsops/pluto) | `5.21.2` | `5.24.0` | | [fairwindsops/polaris](https://github.com/fairwindsops/polaris) | `9.6.2` | `10.2.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.8` | `8.0.1` | | [akhilerm/tag-push-action](https://github.com/akhilerm/tag-push-action) | `2.2.0` | `2.3.0` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3.0.0` | `4.0.1` | | [act10ns/slack](https://github.com/act10ns/slack) | `2.1.0` | `2.2.0` | Updates `actions/checkout` from 4.2.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...df4cb1c069e1874edd31b4311f1884172cec0e10) Updates `docker/setup-qemu-action` from 3.3.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/53851d14592bedcffcf25ea515637cff71ef929a...06116385d9baf250c9f4dcb4858b16962ea869c3) Updates `docker/setup-buildx-action` from 3.8.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/6524bf65af31da8d45b59e8c27de4bd072b392f5...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5) Updates `docker/login-action` from 3.3.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/9780b0c442fbb1117ed29e0efdff1e18412f7567...650006c6eb7dba73a995cc03b0b2d7f5ca915bee) Updates `docker/metadata-action` from 5.6.1 to 6.1.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/369eb591f429131d6889c46b94e711f089e6ca96...80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9) Updates `docker/build-push-action` from 6.13.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/ca877d9245402d1537745e0e356eab47c3520991...f9f3042f7e2789586610d6e8b85c8f03e5195baf) Updates `imranismail/setup-kustomize` from 2.1.0 to 3.0.0 - [Release notes](https://github.com/imranismail/setup-kustomize/releases) - [Commits](https://github.com/imranismail/setup-kustomize/compare/2ba527d4d055ab63514ba50a99456fc35684947f...53f941b41dca13ed61874bbc6b4b6e1562877530) Updates `actions/upload-artifact` from 4.6.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) Updates `azure/setup-helm` from 4.2.0 to 5.0.0 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/fe7b79cd5ee1e45176fcad797de68ecaf3ca4814...dda3372f752e03dde6b3237bc9431cdc2f7a02a2) Updates `nolar/setup-k3d-k3s` from 1.0.9 to 1.1.0 - [Release notes](https://github.com/nolar/setup-k3d-k3s/releases) - [Commits](https://github.com/nolar/setup-k3d-k3s/compare/293b8e5822a20bc0d5bcdd4826f1a665e72aba96...62c9d1bd2bc843275c85d2e7dcd696edc1160eee) Updates `nick-fields/retry` from 3.0.0 to 4.0.0 - [Release notes](https://github.com/nick-fields/retry/releases) - [Commits](https://github.com/nick-fields/retry/compare/7152eba30c6575329ac0576536151aca5a72780e...ad984534de44a9489a53aefd81eb77f87c70dc60) Updates `actions/setup-dotnet` from 4.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](https://github.com/actions/setup-dotnet/compare/87b7050bc53ea08284295505d98d2aa94301e852...9a946fdbd5fb07b82b2f5a4466058b876ab72bb2) Updates `fairwindsops/pluto` from 5.21.2 to 5.24.0 - [Release notes](https://github.com/fairwindsops/pluto/releases) - [Commits](https://github.com/fairwindsops/pluto/compare/d45f6d122de3d99fc4b7576592939ff62655db66...dd5ec8cccce5e42dfe8054b8250baa35546056a0) Updates `fairwindsops/polaris` from 9.6.2 to 10.2.0 - [Release notes](https://github.com/fairwindsops/polaris/releases) - [Changelog](https://github.com/FairwindsOps/polaris/blob/master/docs/changelog.md) - [Commits](https://github.com/fairwindsops/polaris/compare/80e6f7214ee611feb8a0ad2f8be6e58f822b868b...1fdfec73a1a6611078cad745340ad2f0ae0f7db7) Updates `actions/download-artifact` from 4.1.8 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/fa0a91b85d4f404e444e00e005971372dc801d16...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `akhilerm/tag-push-action` from 2.2.0 to 2.3.0 - [Release notes](https://github.com/akhilerm/tag-push-action/releases) - [Commits](https://github.com/akhilerm/tag-push-action/compare/f35ff2cb99d407368b5c727adbcc14a2ed81d509...eadeefebd39db8a47e146115649adae1fce576a6) Updates `peter-evans/repository-dispatch` from 3.0.0 to 4.0.1 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](https://github.com/peter-evans/repository-dispatch/compare/ff45666b9427631e3450c54a1bcbee4d9ff4d7c0...28959ce8df70de7be546dd1250a005dd32156697) Updates `act10ns/slack` from 2.1.0 to 2.2.0 - [Release notes](https://github.com/act10ns/slack/releases) - [Changelog](https://github.com/act10ns/slack/blob/master/RELEASE.md) - [Commits](https://github.com/act10ns/slack/compare/44541246747a30eb3102d87f7a4cc5471b0ffb7d...d96404edccc6d6467fc7f8134a420c851b1e9054) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: imranismail/setup-kustomize dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: azure/setup-helm dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: nolar/setup-k3d-k3s dependency-version: 1.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: nick-fields/retry dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-dotnet dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: fairwindsops/pluto dependency-version: 5.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: fairwindsops/polaris dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: akhilerm/tag-push-action dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: peter-evans/repository-dispatch dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: act10ns/slack dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/pipeline.yml | 76 +++++++++++++++++----------------- .github/workflows/wiz-scan.yml | 4 +- 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 5b40e75..e32852b 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -69,24 +69,24 @@ jobs: BUILD_VERSION: ${{ needs.generate-version.outputs.version }} IS_PUBLIC_BUILD: ${{ needs.generate-version.outputs.is-public-build }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Setup QEMU - uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a # v3.3.0 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 with: platforms: arm64 - - uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 + - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 id: buildx with: install: true version: latest - - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker Meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: ${{ env.IMAGE_NAME }} tags: | @@ -94,7 +94,7 @@ jobs: type=raw,value=pr-artifact,enable=${{ github.event_name == 'pull_request' }} type=raw,value=dispatch-artifact,enable=${{ github.event_name == 'workflow_dispatch' }} type=raw,value=release-artifact,enable=${{ needs.generate-version.outputs.version != '0.0.1' }} - - uses: docker/build-push-action@ca877d9245402d1537745e0e356eab47c3520991 # v6.13.0 + - uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0 id: build with: file: Dockerfile @@ -114,8 +114,8 @@ jobs: env: BUILD_VERSION: ${{ needs.generate-version.outputs.version }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: imranismail/setup-kustomize@2ba527d4d055ab63514ba50a99456fc35684947f # v2.1.0 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: imranismail/setup-kustomize@53f941b41dca13ed61874bbc6b4b6e1562877530 # v3.0.0 - name: Generate Manifests (Prod) run: | set -xe @@ -147,7 +147,7 @@ jobs: cp manifests/install/all/crds/crds.yaml ./crds.yaml shell: bash - name: Publish (Artifacts) - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: manifests path: | @@ -161,9 +161,9 @@ jobs: env: BUILD_VERSION: ${{ needs.generate-version.outputs.version }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: imranismail/setup-kustomize@2ba527d4d055ab63514ba50a99456fc35684947f # v2.1.0 - - uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: imranismail/setup-kustomize@53f941b41dca13ed61874bbc6b4b6e1562877530 # v3.0.0 + - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0 with: version: v3.19.2 - name: Generate Chart @@ -184,21 +184,21 @@ jobs: | tee ./manifests/helm/dist/output.yaml shell: bash - name: Publish (Chart) - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: helm-chart path: | manifests/helm/dist/*.tgz retention-days: 7 - name: Publish (Schema) - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: helm-schema path: | manifests/helm/values.schema.json retention-days: 7 - name: Publish (Manifests) - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: helm-manifests path: | @@ -225,19 +225,19 @@ jobs: IMAGE: ghcr.io/contrast-security-oss/agent-operator/operator@${{ needs.build-image.outputs.digest }} if: ${{ github.event_name != 'pull_request' }} # should match push logic in build-image steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: nolar/setup-k3d-k3s@293b8e5822a20bc0d5bcdd4826f1a665e72aba96 # v1.0.9 + - uses: nolar/setup-k3d-k3s@62c9d1bd2bc843275c85d2e7dcd696edc1160eee # v1.1.0 name: Deploy K3d with: version: v${{ matrix.k3s-version }} github-token: ${{ secrets.GITHUB_TOKEN }} - name: Import Images - uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 with: timeout_minutes: 10 max_attempts: 5 @@ -263,7 +263,7 @@ jobs: kubectl apply -k manifests/examples/testing shell: bash - name: Setup .NET SDK - uses: actions/setup-dotnet@87b7050bc53ea08284295505d98d2aa94301e852 # v4.2.0 + uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5.3.0 with: dotnet-version: 10.0.x - name: Execute Functional Tests @@ -272,7 +272,7 @@ jobs: dotnet test ./tests/Contrast.K8s.AgentOperator.FunctionalTests/Contrast.K8s.AgentOperator.FunctionalTests.csproj shell: bash - name: Dump Operator Logs - uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 if: ${{ always() }} with: timeout_minutes: 10 @@ -303,9 +303,9 @@ jobs: fail-fast: false steps: - name: Setup Pluto - uses: fairwindsops/pluto/github-action@d45f6d122de3d99fc4b7576592939ff62655db66 # v5.21.1 + uses: fairwindsops/pluto/github-action@dd5ec8cccce5e42dfe8054b8250baa35546056a0 # v5.24.0 - name: Setup Polaris - uses: fairwindsops/polaris/.github/actions/setup-polaris@80e6f7214ee611feb8a0ad2f8be6e58f822b868b # v9.6.1 + uses: fairwindsops/polaris/.github/actions/setup-polaris@1fdfec73a1a6611078cad745340ad2f0ae0f7db7 # v10.2.0 with: version: 7.2.0 - name: Setup Kubeconform @@ -315,7 +315,7 @@ jobs: tar xf kubeconform-linux-amd64.tar.gz sudo install kubeconform /usr/local/bin/kubeconform - name: Download Manifests - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 id: download-artifacts with: name: ${{ matrix.artifact }} @@ -372,16 +372,16 @@ jobs: IMAGE_NAME: ghcr.io/contrast-security-oss/agent-operator/operator if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Login (GitHub) - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker Meta id: meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: ${{ env.IMAGE_NAME }} tags: | @@ -390,7 +390,7 @@ jobs: type=semver,pattern={{major}},value=${{ env.BUILD_VERSION }},enable=${{ needs.generate-version.outputs.is-release == 'true' }} type=raw,latest,enable=${{ needs.generate-version.outputs.is-release == 'true' }} - name: Tag for Release - uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0 + uses: akhilerm/tag-push-action@eadeefebd39db8a47e146115649adae1fce576a6 # v2.3.0 with: src: ghcr.io/contrast-security-oss/agent-operator/operator@${{ needs.build-image.outputs.digest }} dst: | @@ -415,27 +415,27 @@ jobs: BUILD_VERSION: ${{ needs.generate-version.outputs.version }} if: ${{ needs.generate-version.outputs.version != '0.0.1' }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Login (GitHub) - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login (Dockerhub) - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PAT }} - name: Login (Quay) - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 with: registry: quay.io username: ${{ secrets.QUAY_USERNAME }} password: ${{ secrets.QUAY_PASSWORD }} - name: Docker Meta id: dockerhub-meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0 with: images: | docker.io/contrast/agent-operator @@ -447,17 +447,17 @@ jobs: type=semver,pattern={{major}},value=${{ env.BUILD_VERSION }},enable=${{ needs.generate-version.outputs.is-release == 'true' }} type=raw,latest,enable=${{ needs.generate-version.outputs.is-release == 'true' }} - name: Tag for Release - uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0 + uses: akhilerm/tag-push-action@eadeefebd39db8a47e146115649adae1fce576a6 # v2.3.0 with: src: ghcr.io/contrast-security-oss/agent-operator/operator@${{ needs.build-image.outputs.digest }} dst: | ${{ steps.dockerhub-meta.outputs.tags }} - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 id: download-manifests with: name: manifests path: ./artifacts/manifests - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 id: download-schema with: name: helm-schema @@ -482,7 +482,7 @@ jobs: immutableCreate: true prerelease: ${{ needs.generate-version.outputs.is-release == 'false' }} # pre-releases will have is-release false - name: Publish Helm Chart - uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0 + uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v4.0.1 if: ${{ needs.generate-version.outputs.is-release == 'true' }} with: token: ${{ secrets.GH_PR_WRITE_PAT }} @@ -506,7 +506,7 @@ jobs: # SENTRY_ORG: sentry # SENTRY_PROJECT: agent-operator # SENTRY_URL: https://sentry.prod.dotnet.contsec.com - - uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0 + - uses: act10ns/slack@d96404edccc6d6467fc7f8134a420c851b1e9054 # v2.2.0 if: ${{ needs.generate-version.outputs.is-release == 'true' }} with: status: ${{ job.status }} diff --git a/.github/workflows/wiz-scan.yml b/.github/workflows/wiz-scan.yml index b26038b..b550188 100644 --- a/.github/workflows/wiz-scan.yml +++ b/.github/workflows/wiz-scan.yml @@ -22,7 +22,7 @@ jobs: contents: read steps: - name: Checkout repo - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Build the Docker image run: docker build . --tag agent-operator:dev @@ -38,7 +38,7 @@ jobs: - name: Capture Wiz Output if: always() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: agent-operator-wiz-report path: |