From e6482d2377d9a9e529596aa828e87242a5110bb6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Mar 2026 15:05:45 +0000 Subject: [PATCH] chore(deps): bump the ci group across 1 directory with 5 updates Bumps the ci group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github/codeql-action](https://github.com/github/codeql-action) | `4.33.0` | `4.34.1` | | [yokawasa/action-setup-kube-tools](https://github.com/yokawasa/action-setup-kube-tools) | `0.13.1` | `0.13.3` | | [azure/setup-helm](https://github.com/azure/setup-helm) | `4.3.1` | `5.0.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.23.1` | `0.24.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.1.0` | `4.1.1` | Updates `github/codeql-action` from 4.33.0 to 4.34.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b1bff81932f5cdfc8695c7752dcee935dcd061c8...38697555549f1db7851b81482ff19f1fa5c4fedc) Updates `yokawasa/action-setup-kube-tools` from 0.13.1 to 0.13.3 - [Release notes](https://github.com/yokawasa/action-setup-kube-tools/releases) - [Commits](https://github.com/yokawasa/action-setup-kube-tools/compare/3e3886c11bfa25fe33f8eb90f59542dd151da442...4710caf20bc62368b8edab32f7c9cc7dc3a2ac31) Updates `azure/setup-helm` from 4.3.1 to 5.0.0 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/1a275c3b69536ee54be43f2070a358922e12c8d4...dda3372f752e03dde6b3237bc9431cdc2f7a02a2) Updates `anchore/sbom-action` from 0.23.1 to 0.24.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/57aae528053a48a3f6235f2d9461b05fbcb7366d...e22c389904149dbc22b58101806040fa8d37a610) Updates `sigstore/cosign-installer` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/ba7bc0a3fef59531c69a25acd34668d6d3fe6f22...cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.34.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: yokawasa/action-setup-kube-tools dependency-version: 0.13.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: azure/setup-helm dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: anchore/sbom-action dependency-version: 0.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/e2e.yaml | 2 +- .github/workflows/release.yaml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0073b302..7671a58c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -67,7 +67,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 + uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -80,6 +80,6 @@ jobs: # queries: security-extended,security-and-quality - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 + uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 62f9f8af..55cbaac8 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -46,7 +46,7 @@ jobs: uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc with: install_only: true - - uses: yokawasa/action-setup-kube-tools@3e3886c11bfa25fe33f8eb90f59542dd151da442 + - uses: yokawasa/action-setup-kube-tools@4710caf20bc62368b8edab32f7c9cc7dc3a2ac31 with: kustomize: '5.7.1' tilt: '0.36.3' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2e9ae0f3..e313b563 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -93,15 +93,15 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Install Helm - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 + uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 - name: Generate manifests run: | mkdir -p output helm template ./deploy --namespace ocm-system --set "manager.image.tag=${{ env.RELEASE_VERSION }}" --include-crds > ./output/install.yaml - name: Setup Syft - uses: anchore/sbom-action/download-syft@57aae528053a48a3f6235f2d9461b05fbcb7366d # v0.23.1 + uses: anchore/sbom-action/download-syft@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0 - name: Setup Cosign - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 + uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 - name: Run goreleaser uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 with: